CVE-2022-46773

CWE-287Improper Authentication3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.2%
top 60.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
IBM Robotic Process AutomationIBM Robotic Process Automation AS A ServiceIBM Robotic Process Automation FOR Cloud PAK
Timeline
PublishedMar 15

Description

IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 0.7 | Impact: 3.6

Affected Packages3 packages

CVEListV5ibm/robotic_process_automation21.0.021.0.7+1
NVDibm/robotic_process_automation21.0.021.0.7.1+1

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
CVEList
IBM Robotic Process Automation security bypass2023-03-15
GHSA
GHSA-94jw-6h72-65h2: IBM Robotic Process Automation 212023-03-15
CVE-2022-46773 (MEDIUM CVSS 6.5) | IBM Robotic Process Automation 21.0 | cvebase.io