PT-2023-20240 · Ibm · Ibm Robotic Process Automation

Luciano Dutra

Publicado

2023-03-15

Atualizado

2023-03-19

CVE-2023-25680

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM Robotic Process Automation versions 21.0.1 through 21.0.5

Description The issue is related to insufficient protection of credentials. Specifically, Queue Provider credentials are not obfuscated while editing queue provider details.

Recommendations For IBM Robotic Process Automation versions 21.0.1 through 21.0.5, consider restricting access to queue provider details until a fix is available. As a temporary workaround, limit editing of queue provider details to minimize the risk of credential exposure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2023-25680

Produtos afetados

Ibm Robotic Process Automation

PT-2023-20240 · Ibm · Ibm Robotic Process Automation

CVE-2023-25680

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7