CVE-2023-40370

3 documents3 sources
Severity
5.3MEDIUM
EPSS
0.1%
top 79.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Robotic Process AutomationIBM Robotic Process Automation FOR Cloud PAK
Timeline
PublishedAug 22
Latest updateAug 23

Description

IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. IBM X-Force ID: 263470.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages2 packages

CVEListV5ibm/robotic_process_automation21.0.021.0.7.1
NVDibm/robotic_process_automation21.0.021.0.7.1

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-gfrf-r6q5-j44j: IBM Robotic Process Automation 212023-08-23
CVEList
IBM Robotic Process Automation information disclosure2023-08-22
CVE-2023-40370 (MEDIUM CVSS 5.3) | IBM Robotic Process Automation 21.0 | cvebase.io