CVE-2022-35280Weak Password Requirements in IBM Robotic Process Automation

CWE-521Weak Password Requirements3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.2%
top 57.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Robotic Process AutomationIBM Robotic Process Automation FOR Cloud PAK
Timeline
PublishedAug 10
Latest updateAug 11

Description

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 230634.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5ibm/robotic_process_automation21.0.0, 21.0.1, 21.0.2+2
NVDibm/robotic_process_automation21.0.0, 21.0.1, 21.0.2+2

🔴Vulnerability Details

2
GHSA
GHSA-xwcm-q6m6-465v: IBM Robotic Process Automation 212022-08-11
CVEList
CVE-2022-35280: IBM Robotic Process Automation 212022-08-10
CVE-2022-35280 — Weak Password Requirements in IBM | cvebase