CVE-2023-35900

EUVD-2023-39892
IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software vulnerabilities at the operating system level.  IBM X-Force ID:  259368.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
ibmCNA
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
Affected Products (NVD)
VendorProductVersion
ibmrobotic_process_automation
𝑥
≤ 21.0.7.4
ibmrobotic_process_automation
23.0.0 ≤
𝑥
≤ 23.0.5
ibmrobotic_process_automation_as_a_service
𝑥
≤ 21.0.7.4
ibmrobotic_process_automation_as_a_service
23.0.0 ≤
𝑥
≤ 23.0.5
ibmrobotic_process_automation_for_cloud_pak
𝑥
≤ 21.0.7.4
ibmrobotic_process_automation_for_cloud_pak
23.0.0 ≤
𝑥
≤ 23.0.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/259368
https://www.ibm.com/support/pages/node/7010895
https://exchange.xforce.ibmcloud.com/vulnerabilities/259368
https://www.ibm.com/support/pages/node/7010895