CVE-2023-35900

IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software vulnerabilities at the operating system level.  IBM X-Force ID:  259368.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
ibmCNA
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
VendorProductVersion
ibmrobotic_process_automation
𝑥
≤ 21.0.7.4
ibmrobotic_process_automation
23.0.0 ≤
𝑥
≤ 23.0.5
ibmrobotic_process_automation_as_a_service
𝑥
≤ 21.0.7.4
ibmrobotic_process_automation_as_a_service
23.0.0 ≤
𝑥
≤ 23.0.5
ibmrobotic_process_automation_for_cloud_pak
𝑥
≤ 21.0.7.4
ibmrobotic_process_automation_for_cloud_pak
23.0.0 ≤
𝑥
≤ 23.0.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/259368
https://www.ibm.com/support/pages/node/7010895
https://exchange.xforce.ibmcloud.com/vulnerabilities/259368
https://www.ibm.com/support/pages/node/7010895