CVE-2022-22433

Name of the Vulnerable Software and Affected Versions IBM Robotic Process Automation versions 21.0.1 through 21.0.2

Description The issue is caused by improper validation of user-supplied input, allowing a remote attacker to exploit the vulnerability and induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with.

Recommendations For versions 21.0.1 and 21.0.2, consider restricting access to the application to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the application for tasks that involve user-supplied input.