CVE-2022-22490

CWE-552 — Files Accessible to External Parties CWE-4024 documents4 sources

Severity

4.9MEDIUM

EPSS

0.3%

top 50.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Robotic Process Automation IBM Robotic Process Automation FOR Cloud PAK

Timeline

PublishedAug 10

Latest updateFeb 14

Description

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain sensitive Azure bot credential information. IBM X-Force ID: 226342.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶NVDibm/robotic_process_automation< 21.0.3

▶CVEListV5ibm/robotic_process_automation21.0.0, 21.0.1, 21.0.2+2

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-8ph8-qhj8-87rw: IBM Robotic Process Automation 21↗2022-08-11

▶

CVEList

CVE-2022-22490: IBM Robotic Process Automation 21↗2022-08-10

▶

📋Vendor Advisories

Red Hat

git: data exfiltration with maliciously crafted repository↗2023-02-14

▶