Vulnerability Monitor


CVE-2023-22863


IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 244109.


Published: 2023-01-18T19:15:12.803

Last Modified: 2024-11-21T07:45:32.963

Status: Modified

Source: [email protected]

Severity: CVSSv3.1: 5.9 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-319

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | ibm | robotic_process_automation | < 21.0.3 | Yes |
| Application | ibm | robotic_process_automation_as_a_service | < 21.0.3 | Yes |
| Application | ibm | robotic_process_automation_for_cloud_pak | < 21.0.3 | Yes |
| Operating System | microsoft | windows | - | No |
| Operating System | redhat | openshift | - | No |

References