CVE-2022-46773: IBM Robotic Process Automation security bypass
First published: Tue Mar 07 2023(Updated: )
IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Robotic Process Automation | >=21.0.0<21.0.7.1 | |
| IBM Robotic Process Automation | =23.0.0 | |
| IBM Robotic Process Automation as a Service | <23.0.1 | |
| IBM Robotic Process Automation for Cloud Pak | >=21.0.0<21.0.7.1 | |
| IBM Robotic Process Automation for Cloud Pak | =23.0.0 | |
| <=21.0.0 - 21.0.7, 23.0.0 | ||
| <=21.0.0 - 21.0.7, 23.0.0 | ||
| <=< 23.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this IBM Robotic Process Automation vulnerability?
The vulnerability ID for this IBM Robotic Process Automation vulnerability is CVE-2022-46773.
What is the severity level of the IBM Robotic Process Automation vulnerability (CVE-2022-46773)?
The severity level of the IBM Robotic Process Automation vulnerability (CVE-2022-46773) is medium.
Which versions of IBM Robotic Process Automation are affected by the vulnerability (CVE-2022-46773)?
IBM Robotic Process Automation versions 21.0.0 - 21.0.7 and 23.0.0 are affected by the vulnerability (CVE-2022-46773).
How can the vulnerability (CVE-2022-46773) be exploited?
The vulnerability (CVE-2022-46773) can be exploited through client-side validation bypass for credential pools, allowing the creation of invalid credential pools.
Is there a fix available for the IBM Robotic Process Automation vulnerability (CVE-2022-46773)?
Yes, IBM has provided a fix for the IBM Robotic Process Automation vulnerability (CVE-2022-46773). Please refer to the IBM support pages for more information.
- agent/references
- agent/type
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- agent/remedy
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/severity
- agent/last-modified-date
- agent/description
- agent/softwarecombine
- agent/event
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/trending
- agent/tags
- agent/source
- vendor/ibm
- canonical/ibm robotic process automation
- version/ibm robotic process automation/21.0.0
- version/ibm robotic process automation/23.0.0
- canonical/ibm robotic process automation as a service
- canonical/ibm robotic process automation for cloud pak
- version/ibm robotic process automation for cloud pak/21.0.0
- version/ibm robotic process automation for cloud pak/23.0.0
- version/ibm robotic process automation/21.0.0 - 21.0.7, 23.0.0
- version/ibm robotic process automation for cloud pak/21.0.0 - 21.0.7, 23.0.0
- version/ibm robotic process automation as a service/< 23.0.1