Mariana Penna

**Name of the Vulnerable Software and Affected Versions** IBM Robotic Process Automation versions 21.0.0 through 21.0.7 **Description** The issue is related to insufficient protection of registration data in IBM Robotic Process Automation, which could allow a remote attacker to gain access to protected information. Specifically, an authenticated user could view sensitive information from application logs. **Recommendations** For IBM Robotic Process Automation versions 21.0.0 through 21.0.7, consider restricting access to application logs to minimize the risk of sensitive information disclosure until a patch is available.

**Name of the Vulnerable Software and Affected Versions** IBM Robotic Process Automation versions 21.0.0 through 21.0.7.1 IBM Robotic Process Automation versions 23.0.0 through 23.0.1 **Description** The issue is related to incorrect privilege assignment when importing users from an LDAP directory, allowing a remote attacker to elevate their privileges. **Recommendations** For versions 21.0.0 through 21.0.7.1, update to a version outside of this range to resolve the issue. For versions 23.0.0 through 23.0.1, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the LDAP directory import functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** IBM Robotic Process Automation versions 21.0.0 through 21.0.7.1 **Description** The issue is related to information disclosure of script content in IBM Robotic Process Automation when the remote REST request computer policy is enabled. This could allow a remote attacker to disclose protected information. **Recommendations** For versions 21.0.0 through 21.0.7.1, consider disabling the remote REST request computer policy as a temporary workaround until a patch is available. Restrict access to sensitive script content to minimize the risk of exploitation.

**Nome do software vulnerável e versões afetadas** IBM Robotic Process Automation, versões 21.0.0 a 21.0.2 **Descrição** A vulnerabilidade permite que um usuário acesse informações de um locatário às quais não deveria ter acesso. **Recomendações** Para as versões 21.0.0 a 21.0.2, no momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.