CVE-2022-41294 — Origin Validation Error in IBM Robotic Process Automation

CWE-346 — Origin Validation Error3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 77.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Robotic Process Automation

Timeline

PublishedOct 6

Description

IBM Robotic Process Automation 21.0.0, 21.0.1, 21.0.2, 21.0.3, and 21.0.4 is vulnerable to cross origin resource sharing using the bot api. IBM X-Force ID: 236807.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages2 packages

▶NVDibm/robotic_process_automation21.0.0 — 21.0.4

▶CVEListV5ibm/robotic_process_automation5 versions+4

🔴Vulnerability Details

CVEList

CVE-2022-41294: IBM Robotic Process Automation 21↗2022-10-06

▶

GHSA

GHSA-f5gp-3w6p-wgx9: IBM Robotic Process Automation 21↗2022-10-06

▶