CVE-2023-22593

CWE-863Incorrect Authorization3 documents3 sources
Severity
7.8HIGH
EPSS
0.0%
top 92.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Robotic Process Automation FOR Cloud PAKIBM Robotic Process Automation
Timeline
PublishedJun 27

Description

IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges. IBM X-Force ID: 244074.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 1.4 | Impact: 2.5

Affected Packages2 packages

CVEListV5ibm/robotic_process_automation_for_cloud_pak21.0.121.0.7.3+1
NVDibm/robotic_process_automation21.0.121.0.7.3+1

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-w6xx-rr92-x6gv: IBM Robotic Process Automation for Cloud Pak 212023-06-27
CVEList
IBM Robotic Process Automation for Cloud Pak security configuration2023-06-27
CVE-2023-22593 (HIGH CVSS 7.8) | IBM Robotic Process Automation for | cvebase.io