Vulnerabilities > CVE-2023-22591 - Insufficient Session Expiration vulnerability in IBM products

CVSS 3.2 - LOW

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

low complexity

ibm

CWE-613

NVD

Published: 2023-03-15

Updated: 2023-11-07

Summary

IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens for not being invalidated after a password reset. IBM X-Force ID: 243710.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Robotic Process Automation AS A Service - IBM Robotic Process Automation AS A Service 21.0.2.2 IBM Robotic Process Automation AS A Service 21.0.2.5 IBM Robotic Process Automation AS A Service 21.0.3 IBM Robotic Process Automation AS A Service 21.0.6 IBM Robotic Process Automation AS A Service 23.0.1 IBM Robotic Process Automation 23.0.0 IBM Robotic Process Automation 23.0.1 IBM Robotic Process Automation 21.0.1 IBM Robotic Process Automation 21.0.1.2 IBM Robotic Process Automation 21.0.1.5 IBM Robotic Process Automation 21.0.2 IBM Robotic Process Automation 21.0.2.1 IBM Robotic Process Automation 21.0.2.2 IBM Robotic Process Automation 21.0.2.5 IBM Robotic Process Automation 21.0.3 IBM Robotic Process Automation 21.0.4 IBM Robotic Process Automation 21.0.5 IBM Robotic Process Automation 21.0.6 IBM Robotic Process Automation 21.0.7	20

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References