First published: Fri Oct 28 2022
IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access control. A user is not correctly redirected to the platform log out screen when logging out of IBM RPA for Cloud Pak. IBM X-Force ID: 239081.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Robotic Process Automation for Cloud Pak | >=20.12 <21.0.3.1 | |
Redhat Openshift | | |
IBM Robotic Process Automation for Cloud Pak | <=< 21.0.3.1 | |
All of | | |
IBM Robotic Process Automation for Cloud Pak | >=20.12 <21.0.3.1 | |
Redhat Openshift | | |
The severity of CVE-2022-43844 is high.
CVE-2022-43844 allows users to bypass access control measures in IBM Robotic Process Automation for Cloud Pak, potentially leading to unauthorized access to sensitive information.
IBM Robotic Process Automation for Cloud Pak versions 20.12 through 21.0.3 are affected by CVE-2022-43844.
To fix CVE-2022-43844, upgrade IBM Robotic Process Automation for Cloud Pak to version 21.0.3.1 or later.
You can find more information about CVE-2022-43844 at the following references: [link1](https://exchange.xforce.ibmcloud.com/vulnerabilities/239081), [link2](https://www.ibm.com/support/pages/node/6852663).