Ibm Robotic Process Automation — known CVE vulnerabilities
Every CVE whose affected-product data names Ibm Robotic Process Automation, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (46)
CVE-2022-22413 — CVSS 9.8 (critical): IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to SQL injection. A remote attacker could send specially crafted…
CVE-2022-39168 — CVSS 7.5 (high): IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422.
CVE-2022-22505 — CVSS 7.5 (high): IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow IBM tenant credentials to be exposed…
CVE-2022-43574 — CVSS 7.5 (high): "IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could…
CVE-2022-22433 — CVSS 7.5 (high): IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to External Service Interaction attack, caused by improper validation of…
CVE-2022-30616 — CVSS 7.2 (high): IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to elevate their privilege to platform…
CVE-2024-51448 — CVSS 6.7 (medium): IBM Robotic Process Automation 21.0.0 through 21.0.7.17 and 23.0.0 through 23.0.18 could allow a local user to escalate their privileges…
CVE-2023-38734 — CVSS 6.6 (medium): IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when…
CVE-2022-30607 — CVSS 6.5 (medium): IBM Robotic Process Automation 20.10.0, 20.12.5, 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow a user to obtain…
CVE-2024-49824 — CVSS 6.5 (medium): IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and IBM Robotic Process Automation for Cloud Pak 21.0.0…
CVE-2022-33169 — CVSS 6.5 (medium): IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to insufficiently protected credentials for users created via a…
CVE-2022-22415 — CVSS 6.5 (medium): A vulnerability exists where an IBM Robotic Process Automation 21.0.1 regular user is able to obtain view-only access to some admin pages…
CVE-2022-34338 — CVSS 6.5 (medium): IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could disclose sensitive information due to improper privilege management for…
CVE-2022-41294 — CVSS 6.5 (medium): IBM Robotic Process Automation 21.0.0, 21.0.1, 21.0.2, 21.0.3, and 21.0.4 is vulnerable to cross origin resource sharing using the bot api…
CVE-2024-49825 — CVSS 6.3 (medium): IBM Robotic Process Automation and Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.20 and 23.0.0 through 23.0.20 does not…
CVE-2022-22503 — CVSS 6.1 (medium): IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to…
CVE-2024-51456 — CVSS 5.9 (medium): IBM Robotic Process Automation 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 could allow a remote attacker to obtain sensitive data…
CVE-2023-22863 — CVSS 5.9 (medium): IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in…
CVE-2022-22414 — CVSS 5.5 (medium): IBM Robotic Process Automation 21.0.2 could allow a local user to obtain sensitive web service configuration credentials from system…
CVE-2022-22319 — CVSS 5.4 (medium): IBM Robotic Process Automation 21.0.1 could allow a register user on the system to physically delete a queue that could cause disruption…
CVE-2022-22502 — CVSS 5.4 (medium): IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2022-36774 — CVSS 5.3 (medium): IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to man in the middle attacks through manipulation of the client…
CVE-2023-43058 — CVSS 5.3 (medium): IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. IBM X-Force ID: 247527.
CVE-2022-38710 — CVSS 5.3 (medium): IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version to an unauthorized control sphere information that could…
CVE-2023-23468 — CVSS 5.1 (medium): IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to insufficient security…
CVE-2022-22490 — CVSS 4.9 (medium): IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain sensitive Azure bot credential…
CVE-2022-41740 — CVSS 4.6 (medium): IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive…
CVE-2022-22412 — CVSS 4.6 (medium): IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with access to the local host (client machine) to obtain a…
CVE-2022-22434 — CVSS 4.6 (medium): IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with physical access to create an API request modified to…
CVE-2022-22506 — CVSS 4.6 (medium): IBM Robotic Process Automation 21.0.2 contains a vulnerability that could allow user ids may be exposed across tenants. IBM X-Force ID…
CVE-2022-33953 — CVSS 4.6 (medium): IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a user with psychical access to the system to obtain sensitive information due…
CVE-2022-33954 — CVSS 4.6 (medium): IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 could allow a user with psychical access to the system to obtain sensitive…
CVE-2023-22594 — CVSS 4.6 (medium): IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting. This vulnerability allows users…
CVE-2023-38733 — CVSS 4.3 (medium): IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive…
CVE-2023-35900 — CVSS 4.3 (medium): IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version…
CVE-2022-22334 — CVSS 4.3 (medium): IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user to access information from a tenant of which they should not…
CVE-2022-46773 — CVSS 4.3 (medium): IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid…
CVE-2023-38732 — CVSS 4.3 (medium): IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from…
CVE-2023-25680 — CVSS 4.2 (medium): IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to insufficiently protecting credentials. Queue Provider credentials are…
CVE-2023-22593 — CVSS 4.0 (medium): IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration…
CVE-2023-22591 — CVSS 3.9 (low): IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to…
CVE-2023-40370 — CVSS 3.7 (low): IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST…
CVE-2023-38718 — CVSS 3.7 (low): IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and…
CVE-2023-23476 — CVSS 3.1 (low): IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insufficient authorization…
CVE-2022-43573 — CVSS 3.1 (low): IBM Robotic Process Automation 20.12 through 21.0.6 is vulnerable to exposure of the name and email for the creator/modifier of platform…
CVE-2023-35901 — CVSS 2.7 (low): IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could…