CVE-2023-35901: IBM Robotic Process Automation security bypass
First published: Sat Jul 15 2023(Updated: )
IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. IBM X-Force ID: 259380.
Credit: psirt@us.ibm.com psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Robotic Process Automation | <=21.0.0 - 21.0.7.6, 23.0.0 - 23.0.6 | |
| IBM Robotic Process Automation for Cloud Pak | <=21.0.0 - 21.0.7.6, 23.0.0 - 23.0.6 | |
| IBM Robotic Process Automation as a Service | <=21.0.0 - 21.0.7.6, 23.0.0 - 23.0.6 | |
| IBM Robotic Process Automation | >=21.0.0<=21.0.7.6 | |
| IBM Robotic Process Automation | >=23.0.0<=23.0.6 | |
| IBM Robotic Process Automation as a Service | >=21.0.0<=21.0.7.6 | |
| IBM Robotic Process Automation for Cloud Pak | >=21.0.0<=21.0.7.6 | |
| IBM Robotic Process Automation for Cloud Pak | >=23.0.0<=23.0.6 | |
| Redhat Openshift | ||
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-35901?
The severity of CVE-2023-35901 is medium with a severity value of 5.3.
What is the affected software for CVE-2023-35901?
The affected software for CVE-2023-35901 is IBM Robotic Process Automation versions 21.0.0 - 21.0.7.6 and 23.0.0 - 23.0.6.
What is client side validation bypass vulnerability in IBM Robotic Process Automation?
The client side validation bypass vulnerability in IBM Robotic Process Automation allows for invalid changes or values in some fields.
How can I fix client side validation bypass vulnerability in IBM Robotic Process Automation?
To fix the client side validation bypass vulnerability in IBM Robotic Process Automation, update to a version beyond 23.0.6 or apply the necessary patches provided by IBM.
Where can I find more information about CVE-2023-35901?
You can find more information about CVE-2023-35901 on the IBM X-Force Exchange website and the IBM support pages.
- collector/nvd-latest
- agent/author
- agent/references
- agent/type
- agent/first-publish-date
- collector/nvd-api
- agent/software-canonical-lookup-request
- agent/weakness
- agent/remedy
- agent/softwarecombine
- agent/description
- collector/nvd-index
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/last-modified-date
- agent/event
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/tags
- agent/trending
- vendor/ibm
- canonical/ibm robotic process automation
- version/ibm robotic process automation/21.0.0
- version/ibm robotic process automation/21.0.7.6
- version/ibm robotic process automation/23.0.0
- version/ibm robotic process automation/23.0.6
- canonical/ibm robotic process automation as a service
- version/ibm robotic process automation as a service/21.0.0
- version/ibm robotic process automation as a service/21.0.7.6
- canonical/ibm robotic process automation for cloud pak
- version/ibm robotic process automation for cloud pak/21.0.0
- version/ibm robotic process automation for cloud pak/21.0.7.6
- version/ibm robotic process automation for cloud pak/23.0.0
- version/ibm robotic process automation for cloud pak/23.0.6
- vendor/redhat
- canonical/redhat openshift
- vendor/microsoft
- canonical/microsoft windows
- version/ibm robotic process automation/21.0.0 - 21.0.7.6, 23.0.0 - 23.0.6
- version/ibm robotic process automation for cloud pak/21.0.0 - 21.0.7.6, 23.0.0 - 23.0.6
- version/ibm robotic process automation as a service/21.0.0 - 21.0.7.6, 23.0.0 - 23.0.6