Skip to main content

Robotic Process Automation

42 CVEs product

Monthly

CVE-2024-49825 MEDIUM This Month

IBM Robotic Process Automation and Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.20 and 23.0.0 through 23.0.20 does not invalidate session after a logout which could allow an. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Robotic Process Automation Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-49824 MEDIUM This Month

IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 could allow an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Robotic Process Automation Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-51448 MEDIUM This Month

IBM Robotic Process Automation 21.0.0 through 21.0.7.17 and 23.0.0 through 23.0.18 could allow a local user to escalate their privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

IBM Privilege Escalation Robotic Process Automation
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2024-51456 MEDIUM This Month

IBM Robotic Process Automation 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 could allow a remote attacker to obtain sensitive data that may be exposed through certain crypto-analytic attacks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Robotic Process Automation
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-43058 CRITICAL PATCH Act Now

IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation IBM Robotic Process Automation Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-38718 MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Robotic Process Automation
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-40370 MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Robotic Process Automation Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-38734 CRITICAL PATCH Act Now

IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation IBM Robotic Process Automation
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-38733 MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Robotic Process Automation
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-38732 MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Robotic Process Automation Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-23476 MEDIUM This Month

IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Robotic Process Automation Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-35900 MEDIUM PATCH This Month

IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Robotic Process Automation Robotic Process Automation As A Service Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-35901 MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass IBM Robotic Process Automation Robotic Process Automation As A Service Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-23468 MEDIUM PATCH This Month

IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to insufficient security configuration which may allow creation of namespaces within a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure IBM Robotic Process Automation
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-22593 HIGH PATCH This Week

IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Redis Authentication Bypass IBM Robotic Process Automation
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-22591 LOW Monitor

IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens for not being invalidated after a password. Rated low severity (CVSS 3.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Robotic Process Automation Robotic Process Automation As A Service
NVD
CVSS 3.1
3.2
EPSS
0.2%
CVE-2023-25680 MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to insufficiently protecting credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Robotic Process Automation Robotic Process Automation As A Service Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-22863 MEDIUM PATCH This Month

IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure IBM Robotic Process Automation Robotic Process Automation As A Service Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2023-22594 MEDIUM PATCH This Month

IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Robotic Process Automation Robotic Process Automation As A Service Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-43574 HIGH PATCH This Week

"IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

IBM Privilege Escalation Robotic Process Automation Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-38710 MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version to an unauthorized control sphere information that could aid in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Robotic Process Automation Robotic Process Automation As A Service Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-41294 MEDIUM This Month

IBM Robotic Process Automation 21.0.0, 21.0.1, 21.0.2, 21.0.3, and 21.0.4 is vulnerable to cross origin resource sharing using the bot api. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Robotic Process Automation
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-36774 MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to man in the middle attacks through manipulation of the client proxy configuration. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required.

Information Disclosure IBM Robotic Process Automation Robotic Process Automation As A Service Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-22503 MEDIUM This Month

IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Robotic Process Automation Robotic Process Automation As A Service
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-39168 HIGH PATCH This Week

IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure IBM Robotic Process Automation Robotic Process Automation For Cloud Pak Robotic Process Automation For Services
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-22490 MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain sensitive Azure bot credential information. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure IBM Path Traversal Robotic Process Automation +2
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2022-34338 MEDIUM This Month

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could disclose sensitive information due to improper privilege management for storage provider types. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Robotic Process Automation
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-33169 MEDIUM This Month

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to insufficiently protected credentials for users created via a bulk upload. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Robotic Process Automation
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-30616 HIGH This Week

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to elevate their privilege to platform administrator through manipulation of APIs. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Robotic Process Automation
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-22505 HIGH This Week

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow IBM tenant credentials to be exposed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Robotic Process Automation
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-22334 MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user to access information from a tenant of which they should not have access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Robotic Process Automation
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-22412 MEDIUM This Month

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with access to the local host (client machine) to obtain a login access token. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Robotic Process Automation
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2022-33953 MEDIUM This Month

IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a user with psychical access to the system to obtain sensitive information due to insufficiently protected access tokens. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Robotic Process Automation Robotic Process Automation As A Service Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2022-22502 MEDIUM This Month

IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Robotic Process Automation Robotic Process Automation As A Service Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-22414 MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.2 could allow a local user to obtain sensitive web service configuration credentials from system memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Robotic Process Automation
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-30607 MEDIUM PATCH This Month

IBM Robotic Process Automation 20.10.0, 20.12.5, 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow a user to obtain sensitive information due to information properly masked in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Robotic Process Automation
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-22413 CRITICAL Act Now

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM SQLi Robotic Process Automation
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-22319 MEDIUM This Month

IBM Robotic Process Automation 21.0.1 could allow a register user on the system to physically delete a queue that could cause disruption for any scripts dependent on the queue. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Robotic Process Automation Robotic Process Automation As A Service
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2022-22434 MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with physical access to create an API request modified to create additional objects. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

IBM Information Disclosure Robotic Process Automation Robotic Process Automation As A Service
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2022-22433 HIGH PATCH This Week

IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Robotic Process Automation Robotic Process Automation As A Service
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-22415 MEDIUM This Month

A vulnerability exists where an IBM Robotic Process Automation 21.0.1 regular user is able to obtain view-only access to some admin pages in the Control Center IBM X-Force ID: 223029. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Robotic Process Automation
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2019-11875 HIGH POC This Week

In AutomateAppCore.dll in Blue Prism Robotic Process Automation 6.4.0.8445, a vulnerability in access control can be exploited to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Robotic Process Automation
NVD
CVSS 3.0
8.8
EPSS
2.3%
EPSS 0% CVSS 6.3
MEDIUM This Month

IBM Robotic Process Automation and Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.20 and 23.0.0 through 23.0.20 does not invalidate session after a logout which could allow an. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Robotic Process Automation +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 could allow an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Robotic Process Automation +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

IBM Robotic Process Automation 21.0.0 through 21.0.7.17 and 23.0.0 through 23.0.18 could allow a local user to escalate their privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

IBM Privilege Escalation Robotic Process Automation
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM Robotic Process Automation 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 could allow a remote attacker to obtain sensitive data that may be exposed through certain crypto-analytic attacks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Robotic Process Automation
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation IBM Robotic Process Automation +1
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Robotic Process Automation
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Robotic Process Automation +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation IBM Robotic Process Automation
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Robotic Process Automation
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Robotic Process Automation +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Robotic Process Automation +1
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Robotic Process Automation +2
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass IBM Robotic Process Automation +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to insufficient security configuration which may allow creation of namespaces within a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure IBM Robotic Process Automation
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Redis Authentication Bypass IBM +1
NVD
EPSS 0% CVSS 3.2
LOW Monitor

IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens for not being invalidated after a password. Rated low severity (CVSS 3.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Robotic Process Automation +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to insufficiently protecting credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Robotic Process Automation +2
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure IBM Robotic Process Automation +2
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Robotic Process Automation +2
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

"IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

IBM Privilege Escalation Robotic Process Automation +1
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version to an unauthorized control sphere information that could aid in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Robotic Process Automation +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Robotic Process Automation 21.0.0, 21.0.1, 21.0.2, 21.0.3, and 21.0.4 is vulnerable to cross origin resource sharing using the bot api. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Robotic Process Automation
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to man in the middle attacks through manipulation of the client proxy configuration. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required.

Information Disclosure IBM Robotic Process Automation +2
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Robotic Process Automation +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure IBM Robotic Process Automation +2
NVD
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain sensitive Azure bot credential information. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure IBM +4
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could disclose sensitive information due to improper privilege management for storage provider types. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Robotic Process Automation
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to insufficiently protected credentials for users created via a bulk upload. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Robotic Process Automation
NVD
EPSS 1% CVSS 7.2
HIGH This Week

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to elevate their privilege to platform administrator through manipulation of APIs. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Robotic Process Automation
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow IBM tenant credentials to be exposed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Robotic Process Automation
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user to access information from a tenant of which they should not have access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Robotic Process Automation
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with access to the local host (client machine) to obtain a login access token. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Robotic Process Automation
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a user with psychical access to the system to obtain sensitive information due to insufficiently protected access tokens. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Robotic Process Automation +2
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Robotic Process Automation +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.2 could allow a local user to obtain sensitive web service configuration credentials from system memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Robotic Process Automation
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Robotic Process Automation 20.10.0, 20.12.5, 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow a user to obtain sensitive information due to information properly masked in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Robotic Process Automation
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM SQLi Robotic Process Automation
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

IBM Robotic Process Automation 21.0.1 could allow a register user on the system to physically delete a queue that could cause disruption for any scripts dependent on the queue. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Robotic Process Automation +1
NVD
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with physical access to create an API request modified to create additional objects. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

IBM Information Disclosure Robotic Process Automation +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Robotic Process Automation +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A vulnerability exists where an IBM Robotic Process Automation 21.0.1 regular user is able to obtain view-only access to some admin pages in the Control Center IBM X-Force ID: 223029. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Robotic Process Automation
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

In AutomateAppCore.dll in Blue Prism Robotic Process Automation 6.4.0.8445, a vulnerability in access control can be exploited to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Robotic Process Automation
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy