
Rewterz Threat Advisory – Multiple IBM Robotic Process Automation Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2022-33954 CVSS:4.6
IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 could allow a user with physical access to the system to obtain sensitive information due to insufficiently protected credentials.

CVE-2022-33169 CVSS:5.3
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to insufficiently protected credentials for users created via a bulk upload.

CVE-2022-22505 CVSS:4.6
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow IBM tenant credentials to be exposed.

CVE-2022-22334 CVSS:4.2
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user to access information from a tenant to which they should not have access.

CVE-2022-30616 CVSS:8
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to elevate their privilege to platform administrator through manipulation of APIs.

CVE-2022-34338 CVSS:5.8
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could disclose sensitive information due to improper privilege management for storage provider types.

Impact

  • Information Disclosure
  • Security Bypass
  • Privilege Escalation

Indicators Of Compromise

CVE

  • CVE-2022-33954
  • CVE-2022-33169
  • CVE-2022-22505
  • CVE-2022-22334
  • CVE-2022-30616
  • CVE-2022-34338

Affected Vendors

IBM

Affected Products

  • IBM Robotic Process Automation 21.0.1
  • IBM Robotic Process Automation 21.0.2
  • IBM Robotic Process Automation 21.0.3

Remediation

Refer to IBM Security Advisory for patch, upgrade or suggested workaround information.

IBM Security Advisory