CVE-2023-22592

CWE-732 — Incorrect Permission Assignment3 documents3 sources

Severity

7.8HIGH

EPSS

0.1%

top 76.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Robotic Process Automation FOR Cloud PAK

Timeline

PublishedJan 18

Description

IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to insufficient permission settings. IBM X-Force ID: 244073.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 1.4 | Impact: 2.5

Affected Packages2 packages

▶CVEListV5ibm/robotic_process_automation_for_cloud_pak21.0.1 — 21.0.4

▶NVDibm/robotic_process_automation21.0.1 — 21.0.5

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

CVEList

IBM Robotic Process Automation for Cloud Pak insufficient permission settings↗2023-01-18

▶

GHSA

GHSA-f868-pffj-c6gh: IBM Robotic Process Automation for Cloud Pak 21↗2023-01-18

▶