PT-2022-23205 · Blue Prism · Blue Prism Enterprise

Published: 2022-08-25 · Updated: 2023-08-08 · CVE-2022-36117

CVSS v3.1: 3.1 (Low)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Blue Prism Enterprise versions 6.0 through 7.01

Description: The issue allows an authenticated user to reverse engineer the software and bypass access controls for an administrative function in a misconfigured environment where the Blue Prism Application Server is exposed. If credential access is configured to be accessible by a machine or the runtime resource security group, an attacker can spoof a known machine and request known encrypted credentials to decrypt later.

Recommendations: For Blue Prism Enterprise versions 6.0 through 7.01, consider restricting access to the administrative function and ensure proper configuration of the environment to prevent exposure of the Blue Prism Application Server. As a temporary workaround, restrict the accessibility of credential access to prevent attackers from spoofing known machines and requesting encrypted credentials.

Fix

Related Identifiers

CVE-2022-36117

Affected Products

Blue Prism Enterprise