CVE-2023-45189

A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials.  This difficult to exploit vulnerability could allow a low privileged attacker to programmatically access client vault credentials.  IBM X-Force ID:  268752.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
ibmCNA
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
Affected Products (NVD)
VendorProductVersion
ibmrobotic_process_automation_for_cloud_pak
21.0.0 ≤
𝑥
≤ 21.0.7
ibmrobotic_process_automation_for_cloud_pak
23.0.0 ≤
𝑥
≤ 23.0.10
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
ibmrobotic_process_automation
21.0.0 ≤
𝑥
≤ 21.0.7.10
CNA
ibmrobotic_process_automation
23.0.0 ≤
𝑥
≤ 23.0.10
CNA
Common Weakness Enumeration
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/268752
https://www.ibm.com/support/pages/node/7065204
https://exchange.xforce.ibmcloud.com/vulnerabilities/268752
https://www.ibm.com/support/pages/node/7065204