Ibm Robotic Process Automation For Cloud Pak — known CVE vulnerabilities
Every CVE whose affected-product data names Ibm Robotic Process Automation For Cloud Pak, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (28)
CVE-2022-35280 — CVSS 9.8 (critical): IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have strong passwords by default, which makes…
CVE-2022-43844 — CVSS 8.8 (high): IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access control. A user is not correctly…
CVE-2022-39168 — CVSS 7.5 (high): IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422.
CVE-2022-43574 — CVSS 7.5 (high): "IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could…
CVE-2024-49824 — CVSS 6.5 (medium): IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and IBM Robotic Process Automation for Cloud Pak 21.0.0…
CVE-2023-45189 — CVSS 6.5 (medium): A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through…
CVE-2024-49825 — CVSS 6.3 (medium): IBM Robotic Process Automation and Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.20 and 23.0.0 through 23.0.20 does not…
CVE-2022-38709 — CVSS 6.1 (medium): IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pak is vulnerable to cross-site scripting. This vulnerability allows…
CVE-2023-22863 — CVSS 5.9 (medium): IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in…
CVE-2022-22502 — CVSS 5.4 (medium): IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2023-43058 — CVSS 5.3 (medium): IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. IBM X-Force ID: 247527.
CVE-2022-36774 — CVSS 5.3 (medium): IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to man in the middle attacks through manipulation of the client…
CVE-2022-38710 — CVSS 5.3 (medium): IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version to an unauthorized control sphere information that could…
CVE-2022-22490 — CVSS 4.9 (medium): IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain sensitive Azure bot credential…
CVE-2022-41740 — CVSS 4.6 (medium): IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive…
CVE-2023-22594 — CVSS 4.6 (medium): IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting. This vulnerability allows users…
CVE-2022-33953 — CVSS 4.6 (medium): IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a user with psychical access to the system to obtain sensitive information due…
CVE-2024-51457 — CVSS 4.4 (medium): IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 is vulnerable to cross-site scripting…
CVE-2023-35900 — CVSS 4.3 (medium): IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version…
CVE-2023-38732 — CVSS 4.3 (medium): IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from…
CVE-2022-46773 — CVSS 4.3 (medium): IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid…
CVE-2023-25680 — CVSS 4.2 (medium): IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to insufficiently protecting credentials. Queue Provider credentials are…
CVE-2023-22592 — CVSS 4.0 (medium): IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to…
CVE-2023-40370 — CVSS 3.7 (low): IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST…
CVE-2022-42442 — CVSS 3.3 (low): IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to exposure of the first tenant owner…
CVE-2023-23476 — CVSS 3.1 (low): IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insufficient authorization…
CVE-2022-43573 — CVSS 3.1 (low): IBM Robotic Process Automation 20.12 through 21.0.6 is vulnerable to exposure of the name and email for the creator/modifier of platform…
CVE-2023-35901 — CVSS 2.7 (low): IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could…