VYPR

Robotic Process Automation

by IBM

CVEs (72)

  • CVE-2023-43058MedOct 6, 2023
    risk 0.34cvss 5.3epss 0.01

    IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. IBM X-Force ID: 247527.

  • CVE-2022-38710MedNov 3, 2022
    risk 0.34cvss 5.3epss 0.00

    IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version to an unauthorized control sphere information that could aid in further attacks against the system. IBM X-Force ID: 234292.

  • CVE-2022-36774MedOct 6, 2022
    risk 0.34cvss 5.3epss 0.00

    IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to man in the middle attacks through manipulation of the client proxy configuration. IBM X-Force ID: 233575.

  • CVE-2023-23468MedJun 27, 2023
    risk 0.33cvss 5.1epss 0.00

    IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to insufficient security configuration which may allow creation of namespaces within a cluster. IBM X-Force ID: 244500.

  • CVE-2022-22490MedAug 10, 2022
    risk 0.32cvss 4.9epss 0.01

    IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain sensitive Azure bot credential information. IBM X-Force ID: 226342.

  • CVE-2019-4295MedJul 1, 2019
    risk 0.32cvss 4.9epss 0.01

    IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker with specialized access to obtain highly sensitive from the credential vault. IBM X-Force ID: 160758.

  • CVE-2018-2006MedFeb 21, 2019
    risk 0.32cvss 4.9epss 0.02

    IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to upload arbitrary files to the system. IBM X-Force ID:…

  • CVE-2022-33954MedDec 19, 2024
    risk 0.30cvss 4.6epss 0.00

    IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 could allow a user with psychical access to the system to obtain sensitive information due to insufficiently protected credentials.

  • CVE-2022-22506MedFeb 12, 2024
    risk 0.30cvss 4.6epss 0.00

    IBM Robotic Process Automation 21.0.2 contains a vulnerability that could allow user ids may be exposed across tenants. IBM X-Force ID: 227293.

  • CVE-2023-22594MedJan 18, 2023
    risk 0.30cvss 4.6epss 0.00

    IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure…

  • CVE-2022-41740MedJan 5, 2023
    risk 0.30cvss 4.6epss 0.00

    IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory. IBM X-Force ID: 238053.

  • CVE-2022-22412MedJul 26, 2022
    risk 0.30cvss 4.6epss 0.00

    IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with access to the local host (client machine) to obtain a login access token. IBM X-Force ID: 223019.

  • CVE-2022-33953MedJun 24, 2022
    risk 0.30cvss 4.6epss 0.00

    IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a user with psychical access to the system to obtain sensitive information due to insufficiently protected access tokens. IBM X-Force ID: 229198.

  • CVE-2022-22434MedMay 5, 2022
    risk 0.30cvss 4.6epss 0.00

    IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with physical access to create an API request modified to create additional objects. IBM X-Force ID: 224159.

  • CVE-2024-51457MedJan 22, 2025
    risk 0.29cvss 4.4epss 0.00

    IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality…

  • CVE-2023-38733MedAug 22, 2023
    risk 0.28cvss 4.3epss 0.00

    IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs. IBM X-Force Id: 262293.

  • CVE-2023-38732MedAug 22, 2023
    risk 0.28cvss 4.3epss 0.00

    IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. IBM X-Force ID: 262289.

  • CVE-2023-35900MedJul 19, 2023
    risk 0.28cvss 4.3epss 0.00

    IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software vulnerabilities at the operating system level. IBM X-Force ID: 259368.

  • CVE-2022-46773MedMar 15, 2023
    risk 0.28cvss 4.3epss 0.01

    IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951.

  • CVE-2022-22334MedAug 1, 2022
    risk 0.28cvss 4.3epss 0.00

    IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user to access information from a tenant of which they should not have access. IBM X-Force ID: 219391.