CVE-2022-30607 — Sensitive Information Exposure in IBM Robotic Process Automation

CWE-200 — Sensitive Information Exposure CWE-668 — Resource Exposure3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 42.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Robotic Process Automation

Timeline

PublishedJun 17

Latest updateJun 18

Description

IBM Robotic Process Automation 20.10.0, 20.12.5, 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow a user to obtain sensitive information due to information properly masked in the control center UI. IBM X-Force ID: 227294.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5ibm/robotic_process_automation5 versions+4

▶NVDibm/robotic_process_automation5 versions+4

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-rv55-4jcm-gvqf: IBM Robotic Process Automation 20↗2022-06-18

▶

CVEList

CVE-2022-30607: IBM Robotic Process Automation 20↗2022-06-17

▶