Product

IBM Robotic Process Automation for Cloud Pak

28 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2024-49825
>= 21.0.0 and <= 21.0.7.20
IBM Robotic Process Automation and Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.20 and 23.0.0 through 23.0.20 do
6.3 MEDIUM
CVE-2024-51457
>= 21.0.0 and < 21.0.7.20
IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 is vulnerable to cross-site scrip
4.4 MEDIUM
CVE-2024-49824
>= 21.0.0 and < 21.0.7.19
IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and IBM Robotic Process Automation for Cloud
6.5 MEDIUM
CVE-2023-45189
>= 21.0.0 and <= 21.0.7
A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.
6.5 MEDIUM
CVE-2023-43058
all versions
IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. IBM X-Force ID:
5.3 MEDIUM
CVE-2023-40370
>= 21.0.0 and <= 21.0.7.1
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the re
3.7 LOW
CVE-2023-38732
>= 21.0.0 and <= 21.0.7
IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from a
4.3 MEDIUM
CVE-2023-23476
>= 21.0.0 and < 23.0.0
IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insufficient autho
3.1 LOW
CVE-2023-35900
<= 21.0.7.4
IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server
4.3 MEDIUM
CVE-2023-35901
>= 21.0.0 and <= 21.0.7.6
IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass wh
2.7 LOW
CVE-2023-25680
>= 21.0.1 and < 21.0.6
IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to insufficiently protecting credentials. Queue Provider cred
4.2 MEDIUM
CVE-2022-46773
>= 21.0.0 and < 21.0.7.1
IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Inv
4.3 MEDIUM
CVE-2023-22863
< 21.0.3
IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly spec
5.9 MEDIUM
CVE-2023-22594
< 21.0.5
IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting. This vulnerability allo
4.6 MEDIUM
CVE-2023-22592
>= 21.0.1 and < 21.0.5
IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to
4.0 MEDIUM
CVE-2022-43844
>= 20.12 and < 21.0.3.1
IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access control. A user is not correctl
8.8 HIGH
CVE-2022-43573
< 21.0.7
IBM Robotic Process Automation 20.12 through 21.0.6 is vulnerable to exposure of the name and email for the creator/modifier of pl
3.1 LOW
CVE-2022-41740
< 21.0.7
IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly se
4.6 MEDIUM
CVE-2022-43574
< 21.0.6
IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which
7.5 HIGH
CVE-2022-42442
< 21.0.6
IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to exposure of the first ten
3.3 LOW
CVE-2022-38710
< 21.0.3
IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version to an unauthorized control sphere information th
5.3 MEDIUM
CVE-2022-38709
>= 21.0.1 and < 21.0.4
IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pak is vulnerable to cross-site scripting. This vulnerability
6.1 MEDIUM
CVE-2022-36774
>= 21.0.0 and < 21.0.3
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to man in the middle attacks through manipulation of the c
5.3 MEDIUM
CVE-2022-39168
all versions
IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422.
7.5 HIGH
CVE-2022-35280
all versions
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have strong passwords by default, whi
9.8 CRITICAL
CVE-2022-22490
< 21.0.3
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain sensitive Azure bot credential i
4.9 MEDIUM
CVE-2022-33953
< 21.0.2.5
IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a user with physical access to the system to obtain sensitive inform
4.6 MEDIUM
CVE-2022-22502
< 21.0.2.2
IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed a
5.4 MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin