Unrated severityNVD Advisory· Published Jan 18, 2023· Updated Apr 3, 2025

IBM Robotic Process Automation information disclosure

CVE-2023-22863

Description

IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 244109.

Affected products

IBM/Robotic Process Automationcpe-rescue
Range: 20.12.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.ibm.com/support/pages/node/6855837mitrevendor-advisory
exchange.xforce.ibmcloud.com/vulnerabilities/244109mitrevdb-entry

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000