First published: Sun Jun 19 2022(Updated: )
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to elevate their privilege to platform administrator through manipulation of APIs. IBM X-Force ID: 227978.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Robotic Process Automation for Services | >=21.0.0<21.0.3 | |
IBM Robotic Process Automation for Cloud Pak | <=< 21.0.3 | |
IBM Robotic Process Automation as a Service | <=< 21.0.3 | |
IBM Robotic Process Automation for Services | <=< 21.0.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-30616 has been classified with a significant severity due to its potential for privilege escalation.
To mitigate CVE-2022-30616, upgrade IBM Robotic Process Automation to version 21.0.3 or later.
CVE-2022-30616 affects users of IBM Robotic Process Automation versions 21.0.0, 21.0.1, and 21.0.2.
CVE-2022-30616 allows a privileged user to elevate their privileges to platform administrator through API manipulation.
Currently, the recommended action for CVE-2022-30616 is to upgrade to a non-vulnerable version rather than relying on a workaround.