CVE-2022-39168

CWE-522Insufficiently Protected Credentials3 documents3 sources
Severity
7.5HIGH
EPSS
0.2%
top 57.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
IBM Robotic Process AutomationIBM Robotic Process Automation FOR Cloud PAKIBM Robotic Process Automation FOR Services
Timeline
PublishedSep 29
Latest updateSep 30

Description

IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/robotic_process_automation21.0.3, 21.0.4+1
NVDibm/robotic_process_automation21.0.3, 21.0.4+1

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-95fp-qmmf-g6q5: IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs2022-09-30
CVEList
CVE-2022-39168: IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs2022-09-29
CVE-2022-39168 (HIGH CVSS 7.5) | IBM Robotic Process Automation Clie | cvebase.io