Vulnerabilities > IBM > Robotic Process Automation > 21.0.2

DATE CVE VULNERABILITY TITLE RISK
2022-10-06 CVE-2022-41294 Origin Validation Error vulnerability in IBM Robotic Process Automation
IBM Robotic Process Automation 21.0.0, 21.0.1, 21.0.2, 21.0.3, and 21.0.4 is vulnerable to cross origin resource sharing using the bot api.
network
low complexity
ibm CWE-346
6.5
6.5
2022-08-01 CVE-2022-22334 Unspecified vulnerability in IBM Robotic Process Automation
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user to access information from a tenant of which they should not have access.
network
low complexity
ibm
4.3
4.3
2022-08-01 CVE-2022-30616 Unspecified vulnerability in IBM Robotic Process Automation
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to elevate their privilege to platform administrator through manipulation of APIs.
network
low complexity
ibm
7.2
7.2
2022-06-24 CVE-2022-22502 Cross-site Scripting vulnerability in IBM products
IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5
2022-06-24 CVE-2022-33953 Insufficiently Protected Credentials vulnerability in IBM products
IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a user with psychical access to the system to obtain sensitive information due to insufficiently protected access tokens.
local
low complexity
ibm CWE-522
2.1
2.1
2022-06-20 CVE-2022-22414 Unspecified vulnerability in IBM Robotic Process Automation
IBM Robotic Process Automation 21.0.2 could allow a local user to obtain sensitive web service configuration credentials from system memory.
local
low complexity
ibm
5.5
5.5
2022-06-17 CVE-2022-30607 Information Exposure vulnerability in IBM Robotic Process Automation
IBM Robotic Process Automation 20.10.0, 20.12.5, 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow a user to obtain sensitive information due to information properly masked in the control center UI.
network
low complexity
ibm CWE-200
6.5
6.5
2022-05-12 CVE-2022-22413 SQL Injection vulnerability in IBM Robotic Process Automation 21.0.0/21.0.1/21.0.2
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
7.5
7.5
2022-05-05 CVE-2022-22433 Improper Input Validation vulnerability in IBM products
IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input.
network
low complexity
ibm CWE-20
5.0
5.0
2022-05-05 CVE-2022-22434 Unspecified vulnerability in IBM products
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with physical access to create an API request modified to create additional objects.
local
low complexity
ibm
2.1
2.1