CVE-2022-22412 — IBM Robotic Process Automation vulnerability

3 documents3 sources

Severity

4.6MEDIUMNVD

EPSS

0.1%

top 75.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Robotic Process Automation

Timeline

PublishedJul 26

Latest updateJul 27

Description

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with access to the local host (client machine) to obtain a login access token. IBM X-Force ID: 223019.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 0.9 | Impact: 3.6

Affected Packages2 packages

▶NVDibm/robotic_process_automation21.0.0 — 21.0.3

▶CVEListV5ibm/robotic_process_automation21.0.0, 21.0.1, 21.0.2+2

🔴Vulnerability Details

GHSA

GHSA-px54-jwh8-83qg: IBM Robotic Process Automation 21↗2022-07-27

▶

CVEList

CVE-2022-22412: IBM Robotic Process Automation 21↗2022-07-26

▶