PT-2022-23206 · Blue Prism · Blue Prism Enterprise

Published

2022-08-25

·

Updated

2023-08-08

·

CVE-2022-36118

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Blue Prism Enterprise versions 6.0 through 7.01
Description

In a misconfigured environment that exposes the Blue Prism Application Server, an authenticated user can reverse engineer the Blue Prism software and circumvent the access controls on the SetProcessAttributes administrative function. This lets any authenticated user publish, unpublish, or retire processes by changing a process's status, an action intended only for users holding the Edit Process permission.
Recommendations

For Blue Prism Enterprise versions 6.0 through 7.01, restrict access to the SetProcessAttributes administrative function until a corrected configuration or a patched version is in place, so that users without the Edit Process permission cannot change process statuses. Also ensure the Blue Prism Application Server is not exposed beyond the clients that need to reach it; limiting that exposure reduces both the opportunity to reverse engineer the software and the set of users who can reach the vulnerable function.
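The pattern behind this advisory is an administrative server function whose permission check can be bypassed by a caller who talks to the exposed Application Server directly instead of through the intended client. The following is an added illustration, not Blue Prism code: a hypothetical RPC-style `set_process_attributes` endpoint that trusts any authenticated caller, beside a hardened version that re-checks the permission on the server, plus a small audit helper over constructed status-change records. All class, method and permission names (`VulnerableServer`, `HardenedServer`, `EDIT_PROCESS`, the event tuple shape) are stand-ins assumed for this example.

```python
"""Added illustration of the CVE-2022-36118 failure mode; not Blue Prism code.
An administrative endpoint that assumes the client already enforced the
permission, beside the same endpoint with the check enforced server-side.
All names here are hypothetical stand-ins."""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Iterable, List, Tuple


class ProcessStatus(Enum):
    UNPUBLISHED = "unpublished"
    PUBLISHED = "published"
    RETIRED = "retired"


# Hypothetical permission string modelled on the advisory's "Edit Process".
EDIT_PROCESS = "Edit Process"


@dataclass(frozen=True)
class User:
    name: str
    permissions: frozenset = frozenset()


@dataclass
class Process:
    name: str
    status: ProcessStatus = ProcessStatus.UNPUBLISHED


class PermissionDenied(Exception):
    pass


def client_allows_edit(caller: User) -> bool:
    """The client-side check that hides the action in the GUI.  A caller who
    reverse engineers the client can skip it and call the server directly, so
    it is a usability control, not a security control."""
    return EDIT_PROCESS in caller.permissions


class VulnerableServer:
    """Exposed application-server endpoint that trusts any authenticated caller."""

    def __init__(self, processes: Iterable[Process]):
        self.processes: Dict[str, Process] = {p.name: p for p in processes}

    def set_process_attributes(self, caller: User, name: str,
                               status: ProcessStatus) -> ProcessStatus:
        # BUG (the advisory's pattern): the caller is authenticated but the
        # Edit Process permission is never checked here, so the client-side
        # check is the only gate.
        proc = self.processes[name]
        proc.status = status
        return proc.status


class HardenedServer(VulnerableServer):
    """Same endpoint with the permission enforced where the attacker cannot
    remove it: on the server, for every call."""

    def set_process_attributes(self, caller: User, name: str,
                               status: ProcessStatus) -> ProcessStatus:
        if EDIT_PROCESS not in caller.permissions:
            raise PermissionDenied(
                f"{caller.name} lacks {EDIT_PROCESS!r}; refusing status change")
        return super().set_process_attributes(caller, name, status)


def bypass_attempt(server: VulnerableServer, attacker: User, name: str,
                   status: ProcessStatus) -> Tuple[bool, ProcessStatus]:
    """Simulate a reverse-engineered client: ignore client_allows_edit() and
    call the endpoint directly.  Returns (succeeded, resulting status)."""
    try:
        return True, server.set_process_attributes(attacker, name, status)
    except PermissionDenied:
        return False, server.processes[name].status


def audit_status_changes(events: Iterable[Tuple[str, str, str]],
                         users: Dict[str, User]) -> List[Tuple[str, str, str]]:
    """Post-hoc check over (actor, process, new_status) records: flag every
    status change made by an actor without Edit Process.  The record shape is
    constructed for this example, not a Blue Prism audit-log format."""
    return [ev for ev in events if EDIT_PROCESS not in users[ev[0]].permissions]


if __name__ == "__main__":
    analyst = User("analyst")                          # constructed low-privilege user
    admin = User("admin", frozenset({EDIT_PROCESS}))   # constructed privileged user
    for cls in (VulnerableServer, HardenedServer):
        server = cls([Process("Invoice Upload")])
        ok, status = bypass_attempt(server, analyst, "Invoice Upload",
                                    ProcessStatus.PUBLISHED)
        print(f"{cls.__name__}: analyst bypass succeeded={ok}, status={status.value}")
```

Against `VulnerableServer` the direct call succeeds even though `client_allows_edit(analyst)` is false; against `HardenedServer` the same call is refused and only the admin holding `EDIT_PROCESS` can change the status, which is the behaviour the advisory says was intended. The audit helper is the retrospective counterpart: given who changed which process status, it lists changes by actors who should not have been able to make them.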

Fix

Related Identifiers

CVE-2022-36118

Affected Products

Blue Prism Enterprise