CVE-2022-22503

CWE-1021 — Clickjacking3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.1%

top 68.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Robotic Process Automation IBM Robotic Process Automation AS A Service

Timeline

PublishedOct 6

Description

IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 227125.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶NVDibm/robotic_process_automation< 21.0.1

▶NVDibm/robotic_process_automation_as_a_service< 21.0.1

▶CVEListV5ibm/robotic_process_automation21.0.0

🔴Vulnerability Details

CVEList

CVE-2022-22503: IBM Robotic Process Automation 21↗2022-10-06

▶

GHSA

GHSA-g348-x9h5-9m9g: IBM Robotic Process Automation 21↗2022-10-06

▶