cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-51457,https://securityvulnerability.io/vulnerability/CVE-2024-51457,Cross-Site Scripting Vulnerability in IBM Robotic Process Automation,"IBM Robotic Process Automation for Cloud Pak versions 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 is vulnerable to cross-site scripting. This security flaw allows authenticated users to embed malicious JavaScript code in the web UI, which can manipulate intended functionality and potentially lead to the disclosure of sensitive credentials during trusted sessions. Organizations using affected versions should prioritize patching to mitigate the risks associated with this vulnerability.",IBM,Robotic Process Automation For Cloud Pak,4.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-22T16:36:54.641Z,0
CVE-2024-49824,https://securityvulnerability.io/vulnerability/CVE-2024-49824,Improper Validation Vulnerability in IBM Robotic Process Automation,"The vulnerability in IBM Robotic Process Automation affects several versions, allowing an authenticated user to execute unauthorized actions as a privileged user. This is due to a failure in proper validation of client-side security enforcement measures, which could potentially enable malicious actors to bypass intended access controls. It is crucial for users of affected versions to implement necessary security patches and advisories provided by IBM to safeguard against this vulnerability.",IBM,"Robotic Process Automation,Robotic Process Automation For Cloud Pak",6.5,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-18T15:11:58.522Z,0
CVE-2023-45189,https://securityvulnerability.io/vulnerability/CVE-2023-45189,IBM Robotic Process Automation information disclosure,"A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials. This difficult to exploit vulnerability could allow a low privileged attacker to programmatically access client vault credentials. IBM X-Force ID: 268752.",IBM,"Robotic Process Automation,Robotic Process Automation For Cloud Pak",6.5,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2023-11-03T23:15:00.000Z,0
CVE-2023-38718,https://securityvulnerability.io/vulnerability/CVE-2023-38718,IBM Robotic Process Automation information disclosure,"IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. IBM X-Force ID: 261606.",IBM,"Robotic Process Automation,Robotic Process Automation For Cloud Pak",3.7,LOW,0.0006200000061653554,false,,false,false,false,,,false,false,,2023-09-20T20:15:00.000Z,0
CVE-2023-23476,https://securityvulnerability.io/vulnerability/CVE-2023-23476,IBM Robotic Process Automation information disclosure,IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes. IBM X-Force ID: 245425.,IBM,"Robotic Process Automation,Robotic Process Automation For Cloud Pak",3.1,LOW,0.000539999979082495,false,,false,false,false,,,false,false,,2023-08-02T15:15:00.000Z,0
CVE-2023-23468,https://securityvulnerability.io/vulnerability/CVE-2023-23468,IBM Robotic Process Automation for Cloud Pak access control,IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to insufficient security configuration which may allow creation of namespaces within a cluster. IBM X-Force ID: 244500.,IBM,Robotic Process Automation For Cloud Pak,5.1,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-06-27T19:15:00.000Z,0
CVE-2023-22593,https://securityvulnerability.io/vulnerability/CVE-2023-22593,IBM Robotic Process Automation for Cloud Pak security configuration,"IBM Robotic Process Automation for Cloud Pak versions 21.0.1 to 21.0.7.3 and 23.0.0 to 23.0.3 are prone to a security misconfiguration in the Redis container. This flaw may allow attackers to achieve elevated privileges, potentially compromising system integrity and exposing sensitive data. Organizations utilizing affected versions should review their configurations to safeguard against unauthorized access.",IBM,Robotic Process Automation For Cloud Pak,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-06-27T19:15:00.000Z,0
CVE-2023-22592,https://securityvulnerability.io/vulnerability/CVE-2023-22592,IBM Robotic Process Automation for Cloud Pak insufficient permission settings,"A vulnerability in IBM Robotic Process Automation for Cloud Pak versions 21.0.1 through 21.0.4 may allow local users to perform unauthorized actions. This is due to insufficient permission settings that do not adequately restrict user capabilities, potentially leading to security breaches. Organizations using these versions should review their permission configurations to mitigate this risk.",IBM,Robotic Process Automation for Cloud Pak,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-01-18T19:15:00.000Z,0
CVE-2023-22594,https://securityvulnerability.io/vulnerability/CVE-2023-22594,IBM Robotic Process Automation for Cloud Pak cross-site scripting,IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244075.,IBM,Robotic Process Automation for Cloud Pak,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2023-01-18T19:15:00.000Z,0
CVE-2022-43844,https://securityvulnerability.io/vulnerability/CVE-2022-43844,IBM Robotic Process Automation for Cloud Pak session fixation,"IBM Robotic Process Automation for Cloud Pak versions 20.12 through 21.0.3 are susceptible to a broken access control vulnerability. This flaw prevents the proper redirection of users to the platform logout screen upon logging out, potentially exposing sensitive information. Users may remain authenticated longer than intended, thereby increasing the risk of unauthorized access to the system. It is essential for organizations using these versions to implement the necessary updates and security measures to mitigate any associated risks.",IBM,Robotic Process Automation For Cloud Pak,8.8,HIGH,0.0008099999977275729,false,,false,false,false,,,false,false,,2023-01-05T17:19:27.774Z,0
CVE-2022-42442,https://securityvulnerability.io/vulnerability/CVE-2022-42442,IBM Robotic Process Automation for Cloud Pak information disclosure,"IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to exposure of the first tenant owner e-mail address to users with access to the container platform. IBM X-Force ID: 238214.",IBM,Robotic Process Automation For Cloud Pak,3.3,LOW,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-11-03T00:00:00.000Z,0