CVE-2022-36116

Name of the Vulnerable Software and Affected Versions Blue Prism Enterprise versions 6.0 through 7.01

Description An issue allows an authenticated user to reverse engineer the software and circumvent access controls for the setValidationInfo administrative function in a misconfigured environment that exposes the Blue Prism Application server. This could increase the chance of successfully hiding malicious code that could be executed in a production environment.

Recommendations For Blue Prism Enterprise versions 6.0 through 7.01, consider restricting access to the setValidationInfo administrative function to minimize the risk of exploitation. Additionally, ensure proper configuration of the environment to prevent exposure of the Blue Prism Application server. At the moment, there is no information about a newer version that contains a fix for this vulnerability.