PT-2023-18573 · IBM · IBM Robotic Process Automation

Published: 2023-03-15 · Updated: 2023-03-19 · CVE-2023-22591

CVSS v3.1: 3.9 (Low)

Vector: AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

IBM Robotic Process Automation versions 21.0.1 through 21.0.7
IBM Robotic Process Automation versions 23.0.0 through 23.0.1

Description

The issue allows a user with physical access to the system due to session tokens not being invalidated after a password reset.

Recommendations

For versions 21.0.1 through 21.0.7, update to a version that includes the fix for the session token invalidation issue. For versions 23.0.0 through 23.0.1, update to a version that includes the fix for the session token invalidation issue. As a temporary workaround, consider implementing additional authentication measures to minimize the risk of exploitation.

Fix

Insufficient Session Expiration

Weakness Enumeration

Related identifiers

CVE-2023-22591

Affected products

IBM Robotic Process Automation