Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-22433

IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 224156.

Published

2022-05-05T16:15:10.197

Last Modified

2024-11-21T06:46:47.553

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ibm	robotic_process_automation	< 21.0.1.5	Yes
Application	ibm	robotic_process_automation	21.0.2	Yes
Application	ibm	robotic_process_automation_as_a_service	*	Yes
Operating System	microsoft	windows	-	No

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/224156 VDB Entry, Vendor Advisory ([email protected])
https://www.ibm.com/support/pages/node/6573913 Patch, Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/224156 VDB Entry, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.ibm.com/support/pages/node/6573913 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)