Vulnerabilities > IBM > Robotic Process Automation > 21.0.2.5

DATE CVE VULNERABILITY TITLE RISK
2022-11-03 CVE-2022-43574 Incorrect Default Permissions vulnerability in IBM products
"IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations.
network
low complexity
ibm CWE-276
7.5
7.5
2022-10-06 CVE-2022-36774 Unspecified vulnerability in IBM products
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to man in the middle attacks through manipulation of the client proxy configuration.
high complexity
ibm
5.3
5.3
2022-10-06 CVE-2022-41294 Origin Validation Error vulnerability in IBM Robotic Process Automation
IBM Robotic Process Automation 21.0.0, 21.0.1, 21.0.2, 21.0.3, and 21.0.4 is vulnerable to cross origin resource sharing using the bot api.
network
low complexity
ibm CWE-346
6.5
6.5
2022-08-10 CVE-2022-22490 Files or Directories Accessible to External Parties vulnerability in IBM products
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain sensitive Azure bot credential information.
network
low complexity
ibm CWE-552
4.9
4.9
2022-08-01 CVE-2022-22505 Unspecified vulnerability in IBM Robotic Process Automation
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow IBM tenant credentials to be exposed.
network
low complexity
ibm
7.5
7.5
2022-08-01 CVE-2022-30616 Unspecified vulnerability in IBM Robotic Process Automation
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to elevate their privilege to platform administrator through manipulation of APIs.
network
low complexity
ibm
7.2
7.2
2022-08-01 CVE-2022-33169 Insufficiently Protected Credentials vulnerability in IBM Robotic Process Automation
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to insufficiently protected credentials for users created via a bulk upload.
network
low complexity
ibm CWE-522
6.5
6.5
2022-08-01 CVE-2022-34338 Improper Privilege Management vulnerability in IBM Robotic Process Automation
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could disclose sensitive information due to improper privilege management for storage provider types.
network
low complexity
ibm CWE-269
6.5
6.5
2022-07-26 CVE-2022-22412 Unspecified vulnerability in IBM Robotic Process Automation
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with access to the local host (client machine) to obtain a login access token.
low complexity
ibm
4.6
4.6