cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-51457,https://securityvulnerability.io/vulnerability/CVE-2024-51457,Cross-Site Scripting Vulnerability in IBM Robotic Process Automation,"IBM Robotic Process Automation for Cloud Pak versions 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 is vulnerable to cross-site scripting. This security flaw allows authenticated users to embed malicious JavaScript code in the web UI, which can manipulate intended functionality and potentially lead to the disclosure of sensitive credentials during trusted sessions. Organizations using affected versions should prioritize patching to mitigate the risks associated with this vulnerability.",IBM,Robotic Process Automation For Cloud Pak,4.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-22T16:36:54.641Z,0
CVE-2024-49824,https://securityvulnerability.io/vulnerability/CVE-2024-49824,Improper Validation Vulnerability in IBM Robotic Process Automation,"The vulnerability in IBM Robotic Process Automation affects several versions, allowing an authenticated user to execute unauthorized actions as a privileged user. This is due to a failure in proper validation of client-side security enforcement measures, which could potentially enable malicious actors to bypass intended access controls. It is crucial for users of affected versions to implement necessary security patches and advisories provided by IBM to safeguard against this vulnerability.",IBM,"Robotic Process Automation,Robotic Process Automation For Cloud Pak",6.5,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-18T15:11:58.522Z,0
CVE-2024-51448,https://securityvulnerability.io/vulnerability/CVE-2024-51448,Privilege Escalation Vulnerability in IBM Robotic Process Automation,"A privilege escalation vulnerability exists in IBM Robotic Process Automation versions 21.0.0 through 21.0.7.17 and 23.0.0 through 23.0.18, which may allow a local user to elevate their privileges. This issue arises due to inappropriate file permission settings, permitting non-privileged users to replace executable files associated with the nssm.exe service. Once substituted, any subsequent restarts of the service or server will execute the unauthorized binary with elevated administrator rights, potentially compromising system security.",IBM,Robotic Process Automation,6.7,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-18T15:08:42.484Z,0
CVE-2024-51456,https://securityvulnerability.io/vulnerability/CVE-2024-51456,Remote Data Exposure in IBM Robotic Process Automation,"A vulnerability exists in IBM Robotic Process Automation versions 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19, where a remote attacker may exploit weaknesses in crypto-analysis to access sensitive data. This risk accentuates the need for vigilant security measures and targeted updates to safeguard valuable information from potential exposure.",IBM,Robotic Process Automation,5.9,MEDIUM,0.0008699999889358878,false,,true,false,true,2025-01-13T07:16:24.000Z,false,false,false,,2025-01-12T13:26:34.770Z,0
CVE-2022-33954,https://securityvulnerability.io/vulnerability/CVE-2022-33954,Sensitive Information Exposure in IBM Robotic Process Automation,"CVE-2022-33954 represents a significant security risk within IBM's Robotic Process Automation versions 21.0.1, 21.0.2, and 21.0.3. This vulnerability allows users with physical access to the system to exploit insufficiently protected credentials, potentially leading to unauthorized access to sensitive information stored on the device. Organizations utilizing these affected versions should prioritize updates and implement security measures to mitigate the risk associated with this vulnerability.",IBM,Robotic Process Automation,4.6,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-12-19T00:44:55.747Z,0
CVE-2022-22506,https://securityvulnerability.io/vulnerability/CVE-2022-22506,IBM RPA Vulnerability Exposes User IDs Across Tenants,"IBM Robotic Process Automation version 21.0.2 is affected by a vulnerability that can result in the exposure of user IDs across different tenants. This issue raises significant concerns regarding tenant isolation and data security, as unauthorized access to user identities could potentially lead to further security breaches. Organizations using this product should implement appropriate security measures to safeguard sensitive information and ensure tenant-level data separation.",IBM,Robotic Process Automation,4.6,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-02-12T19:09:56.754Z,0
CVE-2023-45189,https://securityvulnerability.io/vulnerability/CVE-2023-45189,IBM Robotic Process Automation information disclosure,"A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials. This difficult to exploit vulnerability could allow a low privileged attacker to programmatically access client vault credentials. IBM X-Force ID: 268752.",IBM,"Robotic Process Automation,Robotic Process Automation For Cloud Pak",6.5,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2023-11-03T23:15:00.000Z,0
CVE-2023-43058,https://securityvulnerability.io/vulnerability/CVE-2023-43058,IBM Robotic Process Automation privilege escalation,IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. IBM X-Force ID: 247527.,IBM,Robotic Process Automation,5.3,MEDIUM,0.0014100000262260437,false,,false,false,false,,,false,false,,2023-10-06T14:15:00.000Z,0
CVE-2023-38718,https://securityvulnerability.io/vulnerability/CVE-2023-38718,IBM Robotic Process Automation information disclosure,"IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. IBM X-Force ID: 261606.",IBM,"Robotic Process Automation,Robotic Process Automation For Cloud Pak",3.7,LOW,0.0006200000061653554,false,,false,false,false,,,false,false,,2023-09-20T20:15:00.000Z,0
CVE-2023-40370,https://securityvulnerability.io/vulnerability/CVE-2023-40370,IBM Robotic Process Automation information disclosure,"IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. IBM X-Force ID: 263470.",IBM,Robotic Process Automation,3.7,LOW,0.0006200000061653554,false,,false,false,false,,,false,false,,2023-08-22T22:15:00.000Z,0
CVE-2023-38734,https://securityvulnerability.io/vulnerability/CVE-2023-38734,IBM Robotic Process Automation privilege escalation,"IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory. IBM X-Force ID: 262481.",IBM,Robotic Process Automation,6.6,MEDIUM,0.0013800000306218863,false,,false,false,false,,,false,false,,2023-08-22T22:15:00.000Z,0
CVE-2023-38733,https://securityvulnerability.io/vulnerability/CVE-2023-38733,IBM Robotic Process Automation information disclosure,"IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs. IBM X-Force Id: 262293.",IBM,Robotic Process Automation,4.3,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2023-08-22T22:15:00.000Z,0
CVE-2023-38732,https://securityvulnerability.io/vulnerability/CVE-2023-38732,IBM Robotic Process Automation information disclosure,"IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. IBM X-Force ID: 262289.",IBM,Robotic Process Automation,4.3,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2023-08-22T19:16:00.000Z,0
CVE-2023-23476,https://securityvulnerability.io/vulnerability/CVE-2023-23476,IBM Robotic Process Automation information disclosure,IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes. IBM X-Force ID: 245425.,IBM,"Robotic Process Automation,Robotic Process Automation For Cloud Pak",3.1,LOW,0.000539999979082495,false,,false,false,false,,,false,false,,2023-08-02T15:15:00.000Z,0
CVE-2023-35900,https://securityvulnerability.io/vulnerability/CVE-2023-35900,IBM Robotic Process Automation information disclosure,IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software vulnerabilities at the operating system level. IBM X-Force ID: 259368.,IBM,Robotic Process Automation,4.3,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2023-07-19T01:15:00.000Z,0
CVE-2023-35901,https://securityvulnerability.io/vulnerability/CVE-2023-35901,IBM Robotic Process Automation security bypass,IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. IBM X-Force ID: 259380.,IBM,Robotic Process Automation,2.7,LOW,0.0005799999926239252,false,,false,false,false,,,false,false,,2023-07-17T00:15:00.000Z,0
CVE-2023-23468,https://securityvulnerability.io/vulnerability/CVE-2023-23468,IBM Robotic Process Automation for Cloud Pak access control,IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to insufficient security configuration which may allow creation of namespaces within a cluster. IBM X-Force ID: 244500.,IBM,Robotic Process Automation For Cloud Pak,5.1,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-06-27T19:15:00.000Z,0
CVE-2023-22593,https://securityvulnerability.io/vulnerability/CVE-2023-22593,IBM Robotic Process Automation for Cloud Pak security configuration,"IBM Robotic Process Automation for Cloud Pak versions 21.0.1 to 21.0.7.3 and 23.0.0 to 23.0.3 are prone to a security misconfiguration in the Redis container. This flaw may allow attackers to achieve elevated privileges, potentially compromising system integrity and exposing sensitive data. Organizations utilizing affected versions should review their configurations to safeguard against unauthorized access.",IBM,Robotic Process Automation For Cloud Pak,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-06-27T19:15:00.000Z,0
CVE-2023-22591,https://securityvulnerability.io/vulnerability/CVE-2023-22591,IBM Robotic Process Automation session fixation,IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens for not being invalidated after a password reset. IBM X-Force ID: 243710.,IBM,Robotic Process Automation,3.2,LOW,0.0005600000149570405,false,,false,false,false,,,false,false,,2023-03-15T21:15:00.000Z,0
CVE-2023-25680,https://securityvulnerability.io/vulnerability/CVE-2023-25680,IBM Robotic Process Automation information disclosure,IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to insufficiently protecting credentials. Queue Provider credentials are not obfuscated while editing queue provider details. IBM X-Force ID: 247032.,IBM,Robotic Process Automation,6.5,MEDIUM,0.0005600000149570405,false,,false,false,false,,,false,false,,2023-03-15T20:15:00.000Z,0
CVE-2022-46773,https://securityvulnerability.io/vulnerability/CVE-2022-46773,IBM Robotic Process Automation security bypass,IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951.,IBM,Robotic Process Automation,4.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2023-03-15T19:57:22.981Z,0
CVE-2023-22592,https://securityvulnerability.io/vulnerability/CVE-2023-22592,IBM Robotic Process Automation for Cloud Pak insufficient permission settings,"A vulnerability in IBM Robotic Process Automation for Cloud Pak versions 21.0.1 through 21.0.4 may allow local users to perform unauthorized actions. This is due to insufficient permission settings that do not adequately restrict user capabilities, potentially leading to security breaches. Organizations using these versions should review their permission configurations to mitigate this risk.",IBM,Robotic Process Automation for Cloud Pak,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-01-18T19:15:00.000Z,0
CVE-2023-22863,https://securityvulnerability.io/vulnerability/CVE-2023-22863,IBM Robotic Process Automation information disclosure,IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 244109.,IBM,Robotic Process Automation,5.9,MEDIUM,0.0009399999980814755,false,,false,false,false,,,false,false,,2023-01-18T19:15:00.000Z,0
CVE-2023-22594,https://securityvulnerability.io/vulnerability/CVE-2023-22594,IBM Robotic Process Automation for Cloud Pak cross-site scripting,IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244075.,IBM,Robotic Process Automation for Cloud Pak,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2023-01-18T19:15:00.000Z,0
CVE-2022-43573,https://securityvulnerability.io/vulnerability/CVE-2022-43573,IBM Robotic Process Automation information disclosure,IBM Robotic Process Automation 20.12 through 21.0.6 is vulnerable to exposure of the name and email for the creator/modifier of platform level objects. IBM X-Force ID: 238678.,IBM,Robotic Process Automation,3.1,LOW,0.0006500000017695129,false,,false,false,false,,,false,false,,2023-01-05T17:39:23.656Z,0