CVE-2023-22863
Published Jan 18, 2023
Last updated a year ago
Overview
- Description
- IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 244109.
- Source
- psirt@us.ibm.com
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 5.9
- Impact score
- 3.6
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
Weaknesses
- psirt@us.ibm.com
- CWE-319
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD41B712-3818-4AFA-8A03-64E8B51809F0",
            "versionEndExcluding": "21.0.3"
          },
          {
            "criteria": "cpe:2.3:a:ibm:robotic_process_automation_as_a_service:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9758FDC-C224-4EB3-8D42-409F4CBE6442",
            "versionEndExcluding": "21.0.3"
          },
          {
            "criteria": "cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "034C5D78-A9CB-4A27-A2BF-1E7A1EB1318A",
            "versionEndExcluding": "21.0.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          },
          {
            "criteria": "cpe:2.3:o:redhat:openshift:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "22EB28CE-7C7F-4290-85FE-5E3EBF905CF0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]