CVE-2023-38732

CWE-532Log File Information Exposure3 documents3 sources
Severity
4.3MEDIUM
EPSS
0.1%
top 82.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Robotic Process AutomationIBM Robotic Process Automation FOR Cloud PAK
Timeline
PublishedAug 22

Description

IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. IBM X-Force ID: 262289.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5ibm/robotic_process_automation21.0.021.0.7
NVDibm/robotic_process_automation21.0.021.0.7

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-3f43-hwc9-36qv: IBM Robotic Process Automation 212023-08-22
CVEList
IBM Robotic Process Automation information disclosure2023-08-22
CVE-2023-38732 (MEDIUM CVSS 4.3) | IBM Robotic Process Automation 21.0 | cvebase.io