CVE-2022-43574

CWE-276Incorrect Default Permissions3 documents3 sources
Severity
7.5HIGH
EPSS
0.2%
top 60.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Robotic Process AutomationIBM Robotic Process Automation FOR Cloud PAK
Timeline
PublishedNov 3
Latest updateNov 4

Description

"IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations. IBM X-Force ID: 238679."

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm_robotic_process_automation"21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5"

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-p85m-rcvw-2rv6: "IBM Robotic Process Automation 212022-11-04
CVEList
CVE-2022-43574: "IBM Robotic Process Automation 212022-11-03
CVE-2022-43574 (HIGH CVSS 7.5) | "IBM Robotic Process Automation 21. | cvebase.io