CVE-2023-35900: IBM Robotic Process Automation information disclosure
First published: Mon Jul 10 2023(Updated: )
IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software vulnerabilities at the operating system level. IBM X-Force ID: 259368.
Credit: psirt@us.ibm.com psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Robotic Process Automation | <=<= 21.0.7.4, 23.0.0 - 23.0.5 | |
| IBM Robotic Process Automation for Cloud Pak | <=<= 21.0.7.4, 23.0.0 - 23.0.5 | |
| IBM Robotic Process Automation as a Service | <=<= 21.0.7.4, 23.0.0 - 23.0.5 | |
| IBM Robotic Process Automation | <=21.0.7.4 | |
| IBM Robotic Process Automation | >=23.0.0<=23.0.5 | |
| IBM Robotic Process Automation as a Service | <=21.0.7.4 | |
| IBM Robotic Process Automation as a Service | >=23.0.0<=23.0.5 | |
| IBM Robotic Process Automation for Cloud Pak | <=21.0.7.4 | |
| IBM Robotic Process Automation for Cloud Pak | >=23.0.0<=23.0.5 | |
| Redhat Openshift | ||
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-35900.
What is the severity of CVE-2023-35900?
The severity of CVE-2023-35900 is medium with a CVSS score of 5.3.
Which IBM products are affected by CVE-2023-35900?
IBM Robotic Process Automation, IBM Robotic Process Automation for Cloud Pak, and IBM Robotic Process Automation as a Service are affected.
How can the vulnerability be exploited?
The vulnerability can be exploited to disclose server version information, which may be used to determine software vulnerabilities at the operating system level.
Where can I find more information about CVE-2023-35900?
You can find more information about CVE-2023-35900 at the IBM X-Force ID: 259368.
- collector/nvd-latest
- agent/references
- agent/author
- agent/type
- agent/first-publish-date
- collector/nvd-api
- agent/software-canonical-lookup-request
- agent/remedy
- agent/weakness
- agent/softwarecombine
- agent/description
- collector/nvd-index
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/severity
- agent/event
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/tags
- agent/trending
- vendor/ibm
- canonical/ibm robotic process automation
- version/ibm robotic process automation/21.0.7.4
- version/ibm robotic process automation/23.0.0
- version/ibm robotic process automation/23.0.5
- canonical/ibm robotic process automation as a service
- version/ibm robotic process automation as a service/21.0.7.4
- version/ibm robotic process automation as a service/23.0.0
- version/ibm robotic process automation as a service/23.0.5
- canonical/ibm robotic process automation for cloud pak
- version/ibm robotic process automation for cloud pak/21.0.7.4
- version/ibm robotic process automation for cloud pak/23.0.0
- version/ibm robotic process automation for cloud pak/23.0.5
- vendor/redhat
- canonical/redhat openshift
- vendor/microsoft
- canonical/microsoft windows
- version/ibm robotic process automation/<= 21.0.7.4, 23.0.0 - 23.0.5
- version/ibm robotic process automation for cloud pak/<= 21.0.7.4, 23.0.0 - 23.0.5
- version/ibm robotic process automation as a service/<= 21.0.7.4, 23.0.0 - 23.0.5