Robotic Process Automation
by IBM
CVEs (72)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-4901 | Med | 0.42 | 6.5 | 0.01 | May 7, 2021 | IBM Robotic Process Automation with Automation Anywhere 11.0 could allow an attacker on the network to obtain sensitive information or cause a denial of service through username enumeration. IBM X-Force ID: 190992. | ||
| CVE-2024-49825 | Med | 0.41 | 6.3 | 0.00 | Apr 14, 2025 | IBM Robotic Process Automation and Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.20 and 23.0.0 through 23.0.20 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system. | ||
| CVE-2022-38709 | Med | 0.40 | 6.1 | 0.00 | Oct 6, 2022 | IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pak is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure… | ||
| CVE-2022-22503 | Med | 0.40 | 6.1 | 0.01 | Oct 6, 2022 | IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch… | ||
| CVE-2018-1877 | Med | 0.40 | 6.2 | 0.00 | Nov 2, 2018 | IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive information in the form of unencrypted passwords that would be available to a local user. IBM X-Force ID: 151713. | ||
| CVE-2018-1876 | Med | 0.40 | 6.2 | 0.00 | Nov 2, 2018 | IBM Robotic Process Automation with Automation Anywhere 11 could under certain cases, display the password in a Control Room log file after installation. IBM X-Force ID: 151707. | ||
| CVE-2018-1795 | Med | 0.40 | 6.1 | 0.01 | Oct 5, 2018 | IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure… | ||
| CVE-2024-51456 | Med | 0.38 | 5.9 | 0.00 | Jan 12, 2025 | IBM Robotic Process Automation 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 could allow a remote attacker to obtain sensitive data that may be exposed through certain crypto-analytic attacks. | ||
| CVE-2023-22863 | Med | 0.38 | 5.9 | 0.00 | Jan 18, 2023 | IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 244109. | ||
| CVE-2022-22414 | Med | 0.36 | 5.5 | 0.00 | Jun 20, 2022 | IBM Robotic Process Automation 21.0.2 could allow a local user to obtain sensitive web service configuration credentials from system memory. IBM X-Force ID: 223026. | ||
| CVE-2019-4299 | Med | 0.36 | 5.5 | 0.00 | Jul 1, 2019 | IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive information from log files when debugging is enabled. IBM X-Force ID: 160765. | ||
| CVE-2018-1552 | Med | 0.36 | 5.5 | 0.03 | Nov 2, 2018 | IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0 allows a remote attacker to execute arbitrary code on the system, caused by a missing restriction in which file types can be uploaded to the control room. By uploading a malicious file and tricking a victim to… | ||
| CVE-2022-22502 | Med | 0.35 | 5.4 | 0.00 | Jun 24, 2022 | IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted… | ||
| CVE-2022-22319 | Med | 0.35 | 5.4 | 0.01 | May 9, 2022 | IBM Robotic Process Automation 21.0.1 could allow a register user on the system to physically delete a queue that could cause disruption for any scripts dependent on the queue. IBM X-Force ID: 218366. | ||
| CVE-2019-4337 | Med | 0.35 | 5.3 | 0.01 | Jul 1, 2019 | IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker to obtain sensitive information due to missing authentication in Ignite nodes. IBM X-Force ID: 161412. | ||
| CVE-2019-4297 | Med | 0.35 | 5.4 | 0.01 | Jul 1, 2019 | IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability to make unauthorized queries or modify the LDAP content. IBM… | ||
| CVE-2018-1908 | Med | 0.35 | 5.4 | 0.01 | Mar 14, 2019 | IBM Robotic Process Automation with Automation Anywhere 11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a… | ||
| CVE-2018-1878 | Med | 0.35 | 5.3 | 0.01 | Nov 2, 2018 | IBM Robotic Process Automation with Automation Anywhere 11 could disclose sensitive information in a web request that could aid in future attacks against the system. IBM X-Force ID: 151714. | ||
| CVE-2018-1812 | Med | 0.35 | 5.4 | 0.01 | Oct 5, 2018 | IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to persistent cross-site scripting, caused by missing escaping of a database field. An attacker that has access to the Control Room database could exploit this vulnerability to execute script in… | ||
| CVE-2017-1751 | Med | 0.35 | 5.4 | 0.01 | Dec 20, 2017 | IBM Robotic Process Automation with Automation Anywhere 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a… |
- risk 0.42cvss 6.5epss 0.01
IBM Robotic Process Automation with Automation Anywhere 11.0 could allow an attacker on the network to obtain sensitive information or cause a denial of service through username enumeration. IBM X-Force ID: 190992.
- risk 0.41cvss 6.3epss 0.00
IBM Robotic Process Automation and Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.20 and 23.0.0 through 23.0.20 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.
- risk 0.40cvss 6.1epss 0.00
IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pak is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure…
- risk 0.40cvss 6.1epss 0.01
IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch…
- risk 0.40cvss 6.2epss 0.00
IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive information in the form of unencrypted passwords that would be available to a local user. IBM X-Force ID: 151713.
- risk 0.40cvss 6.2epss 0.00
IBM Robotic Process Automation with Automation Anywhere 11 could under certain cases, display the password in a Control Room log file after installation. IBM X-Force ID: 151707.
- risk 0.40cvss 6.1epss 0.01
IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure…
- risk 0.38cvss 5.9epss 0.00
IBM Robotic Process Automation 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 could allow a remote attacker to obtain sensitive data that may be exposed through certain crypto-analytic attacks.
- risk 0.38cvss 5.9epss 0.00
IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 244109.
- risk 0.36cvss 5.5epss 0.00
IBM Robotic Process Automation 21.0.2 could allow a local user to obtain sensitive web service configuration credentials from system memory. IBM X-Force ID: 223026.
- risk 0.36cvss 5.5epss 0.00
IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive information from log files when debugging is enabled. IBM X-Force ID: 160765.
- risk 0.36cvss 5.5epss 0.03
IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0 allows a remote attacker to execute arbitrary code on the system, caused by a missing restriction in which file types can be uploaded to the control room. By uploading a malicious file and tricking a victim to…
- risk 0.35cvss 5.4epss 0.00
IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…
- risk 0.35cvss 5.4epss 0.01
IBM Robotic Process Automation 21.0.1 could allow a register user on the system to physically delete a queue that could cause disruption for any scripts dependent on the queue. IBM X-Force ID: 218366.
- risk 0.35cvss 5.3epss 0.01
IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker to obtain sensitive information due to missing authentication in Ignite nodes. IBM X-Force ID: 161412.
- risk 0.35cvss 5.4epss 0.01
IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability to make unauthorized queries or modify the LDAP content. IBM…
- risk 0.35cvss 5.4epss 0.01
IBM Robotic Process Automation with Automation Anywhere 11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a…
- risk 0.35cvss 5.3epss 0.01
IBM Robotic Process Automation with Automation Anywhere 11 could disclose sensitive information in a web request that could aid in future attacks against the system. IBM X-Force ID: 151714.
- risk 0.35cvss 5.4epss 0.01
IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to persistent cross-site scripting, caused by missing escaping of a database field. An attacker that has access to the Control Room database could exploit this vulnerability to execute script in…
- risk 0.35cvss 5.4epss 0.01
IBM Robotic Process Automation with Automation Anywhere 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a…
Page 2 of 4