CVE-2023-25680

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-25680
IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to insufficiently protecting credentials. Queue Provider credentials are not obfuscated while editing queue provider details. IBM X-Force ID: 247032.

4.2 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/247032 VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/6962207 Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/247032 VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/6962207 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:robotic_process_automation_as_a_service:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:*:*:*:*:*:*:*:*
History

21 Nov 2024, 07:49

Type Values Removed Values Added
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/247032 - VDB Entry, Vendor Advisory () https://exchange.xforce.ibmcloud.com/vulnerabilities/247032 - VDB Entry, Vendor Advisory
References () https://www.ibm.com/support/pages/node/6962207 - Patch, Vendor Advisory () https://www.ibm.com/support/pages/node/6962207 - Patch, Vendor Advisory
CVSS v2 : unknown
v3 : 6.5 		v2 : unknown
v3 : 4.2

07 Nov 2023, 04:09

Type Values Removed Values Added
Summary IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to insufficiently protecting credentials. Queue Provider credentials are not obfuscated while editing queue provider details. IBM X-Force ID: 247032. IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to insufficiently protecting credentials. Queue Provider credentials are not obfuscated while editing queue provider details. IBM X-Force ID: 247032.
Information

Published : 2023-03-15 20:15

Updated : 2024-11-21 07:49

NVD link : CVE-2023-25680

Mitre link : CVE-2023-25680

CVE.ORG link : CVE-2023-25680

JSON object : View

Products Affected

ibm

  • robotic_process_automation_as_a_service
  • robotic_process_automation_for_cloud_pak
  • robotic_process_automation
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

NVD-CWE-noinfo