CVE-2023-38718Sensitive Information Exposure in IBM Robotic Process Automation

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
5.3MEDIUMNVD
CNA3.7
EPSS
0.1%
top 79.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Robotic Process AutomationIBM Robotic Process Automation FOR Cloud PAK
Timeline
PublishedSep 20

Description

IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. IBM X-Force ID: 261606.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

CVEListV5ibm/robotic_process_automation21.0.021.0.7.8+1
NVDibm/robotic_process_automation21.0.021.0.7.8+1
CVEListV5ibm/robotic_process_automation_for_cloud_pak21.0.021.0.7.8+1

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
CVEList
IBM Robotic Process Automation information disclosure2023-09-20
GHSA
GHSA-jfr3-jvfg-j4fw: IBM Robotic Process Automation 212023-09-20
CVE-2023-38718 — Sensitive Information Exposure in IBM | cvebase