CVE-2023-23476Incorrect Authorization in IBM Robotic Process Automation

CWE-863Incorrect AuthorizationCWE-200Sensitive Information Exposure4 documents4 sources
Severity
6.5MEDIUMNVD
CNA3.1
EPSS
0.1%
top 80.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Robotic Process AutomationIBM Robotic Process Automation FOR Cloud PAK
Timeline
PublishedAug 2

Description

IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes. IBM X-Force ID: 245425.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

NVDibm/robotic_process_automation21.0.023.0.0
CVEListV5ibm/robotic_process_automation21.0.021.0.7.latest
CVEListV5ibm/robotic_process_automation_for_cloud_pak21.0.021.0.7.latest

🔴Vulnerability Details

2
GHSA
GHSA-rpj7-8p65-2w48: IBM Robotic Process Automation 212023-08-02
CVEList
IBM Robotic Process Automation information disclosure2023-08-02
CVE-2023-23476 — Incorrect Authorization in IBM | cvebase