CVE-2022-33954Insufficiently Protected Credentials in IBM Robotic Process Automation

CWE-522Insufficiently Protected Credentials3 documents3 sources
Severity
4.6MEDIUMNVD
EPSS
0.0%
top 85.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Robotic Process Automation
Timeline
PublishedDec 19

Description

IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 could allow a user with psychical access to the system to obtain sensitive information due to insufficiently protected credentials.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 0.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/robotic_process_automation21.0.1, 21.0.2, 21.0.3
NVDibm/robotic_process_automation21.0.1, 21.0.2, 21.0.3+2

🔴Vulnerability Details

2
GHSA
GHSA-v885-gqcv-cj29: IBM Robotic Process Automation 212024-12-19
CVEList
IBM Robotic Process Automation information disclosure2024-12-19
CVE-2022-33954 — Insufficiently Protected Credentials | cvebase