CVE-2023-35901

CWE-287Improper Authentication3 documents3 sources
Severity
5.3MEDIUM
EPSS
0.0%
top 90.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
IBM Robotic Process AutomationIBM Robotic Process Automation AS A ServiceIBM Robotic Process Automation FOR Cloud PAK
Timeline
PublishedJul 17

Description

IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. IBM X-Force ID: 259380.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages3 packages

CVEListV5ibm/robotic_process_automation21.0.021.0.7.6+1
NVDibm/robotic_process_automation21.0.021.0.7.6+1

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-c5rv-3w8m-4v6h: IBM Robotic Process Automation 212023-07-17
CVEList
IBM Robotic Process Automation security bypass2023-07-16
CVE-2023-35901 (MEDIUM CVSS 5.3) | IBM Robotic Process Automation 21.0 | cvebase.io