5.3
CVE-2023-35901
- EPSS 0.04%
- Veröffentlicht 17.07.2023 00:15:09
- Zuletzt bearbeitet 21.11.2024 08:08:57
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
LoginIBM Robotic Process Automation security bypass
IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. IBM X-Force ID: 259380.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Robotic Process Automation Version >= 21.0.0 <= 21.0.7.6
Ibm ≫ Robotic Process Automation Version >= 23.0.0 <= 23.0.6
Ibm ≫ Robotic Process Automation As A Service Version >= 21.0.0 <= 21.0.7.6
Ibm ≫ Robotic Process Automation For Cloud Pak Version >= 21.0.0 <= 21.0.7.6
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.105 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| psirt@us.ibm.com | 2.7 | 1.2 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.