PT-2022-20208 · IBM · IBM Robotic Process Automation
Published: 2022-07-31 · Updated: 2023-08-08 · CVE-2022-30616
CVSS v3.1: 8.0 (High)
Vector: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
IBM Robotic Process Automation versions 21.0.0 through 21.0.2
Description
The issue allows a privileged user to elevate their privilege to platform administrator through manipulation of APIs.
Recommendations
For versions 21.0.0 through 21.0.2, consider restricting access to APIs that can be manipulated to elevate privileges until a patch is available.
As a temporary workaround, limit the privileges of users who have access to the affected APIs.
Avoid using APIs that allow privilege elevation until the issue is resolved.
Fix
Related Identifiers
Affected Products
IBM Robotic Process Automation