5.3

CVE-2023-35901

IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields.  IBM X-Force ID:  259380.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmRobotic Process Automation Version >= 21.0.0 <= 21.0.7.6
   RedhatOpenshift Version-
   MicrosoftWindows Version-
IbmRobotic Process Automation Version >= 23.0.0 <= 23.0.6
   RedhatOpenshift Version-
   MicrosoftWindows Version-
IbmRobotic Process Automation As A Service Version >= 21.0.0 <= 21.0.7.6
   RedhatOpenshift Version-
   MicrosoftWindows Version-
IbmRobotic Process Automation For Cloud Pak Version >= 21.0.0 <= 21.0.7.6
   RedhatOpenshift Version-
   MicrosoftWindows Version-
IbmRobotic Process Automation For Cloud Pak Version >= 23.0.0 <= 23.0.6
   RedhatOpenshift Version-
   MicrosoftWindows Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.03% 0.06
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
psirt@us.ibm.com 2.7 1.2 1.4
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.