CVE-2023-25680Sensitive Information Exposure in IBM Robotic Process Automation

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
6.5MEDIUMNVD
CNA4.2
EPSS
0.2%
top 52.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
IBM Robotic Process AutomationIBM Robotic Process Automation AS A ServiceIBM Robotic Process Automation FOR Cloud PAK
Timeline
PublishedMar 15

Description

IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to insufficiently protecting credentials. Queue Provider credentials are not obfuscated while editing queue provider details. IBM X-Force ID: 247032.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5ibm/robotic_process_automation21.0.121.0.5
NVDibm/robotic_process_automation21.0.121.0.6+1

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-8mmh-5rjw-w4rg: IBM Robotic Process Automation 212023-03-15
CVEList
IBM Robotic Process Automation information disclosure2023-03-15
CVE-2023-25680 — Sensitive Information Exposure in IBM | cvebase