Skip to main content

Robotic Process Automation CVE-2023-22591

LOW
Insufficient Session Expiration (CWE-613)
2023-03-15 psirt@us.ibm.com
3.2
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.2 LOW
AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Mar 15, 2023 - 21:15 nvd
LOW 3.2

DescriptionNVD

IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens for not being invalidated after a password reset. IBM X-Force ID: 243710.

AnalysisAI

IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens for not being invalidated after a password. Rated low severity (CVSS 3.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-613. IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens for not being invalidated after a password reset. IBM X-Force ID: 243710. Affected products include: Ibm Robotic Process Automation, Ibm Robotic Process Automation As A Service. Version information: through 21.0.7.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2019-11875 HIGH POC
8.8 May 24

In AutomateAppCore.dll in Blue Prism Robotic Process Automation 6.4.0.8445, a vulnerability in access control can be exp

CVE-2023-43058 CRITICAL
9.8 Oct 06

IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. Rated cr

CVE-2023-38734 CRITICAL
9.8 Aug 22

IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege as

CVE-2022-22413 CRITICAL
9.8 May 12

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to SQL injection. Rated critical severity (CVSS

CVE-2023-22593 HIGH
7.8 Jun 27

IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security

CVE-2022-43574 HIGH
7.5 Nov 03

"IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignm

CVE-2022-39168 HIGH
7.5 Sep 29

IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. Rated high sev

CVE-2022-22505 HIGH
7.5 Aug 01

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow IBM tenant credentia

CVE-2022-22433 HIGH
7.5 May 05

IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to External Service Interaction attack, caused by imprope

CVE-2022-30616 HIGH
7.2 Aug 01

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to elevate their privilege to pl

CVE-2023-23476 MEDIUM
6.5 Aug 02

IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insuffic

CVE-2023-25680 MEDIUM
6.5 Mar 15

IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to insufficiently protecting credentials. Rated mediu

Share

CVE-2023-22591 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy