CVE-2023-45189

Summary

A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials. This difficult to exploit vulnerability could allow a low privileged attacker to programmatically access client vault credentials. IBM X-Force ID: 268752.

Affected Software

VendorProductVersion RangeStatus
IBMRobotic Process Automation21.0.0 <= 21.0.7.10affected
IBMRobotic Process Automation23.0.0 <= 23.0.10affected
IBMRobotic Process Automation for Cloud Pak21.0.0 <= 21.0.7.10affected
IBMRobotic Process Automation for Cloud Pak23.0.0 <= 23.0.10affected

Weaknesses

  • CWE-200: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References