9.8
CVE-2023-38734
- EPSS 0.1%
- Veröffentlicht 22.08.2023 22:15:08
- Zuletzt bearbeitet 21.11.2024 08:14:08
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
LoginIBM Robotic Process Automation privilege escalation
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory. IBM X-Force ID: 262481.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Robotic Process Automation Version >= 21.0.0 <= 21.0.7.1
Ibm ≫ Robotic Process Automation Version23.0.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.275 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| psirt@us.ibm.com | 6.6 | 0.7 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.