PT-2022-6210 · IBM · IBM Robotic Process Automation

Published: 2022-10-03 · Updated: 2023-08-08 · CVE-2022-36774

CVSS v3.1: 6.5 (Medium)

Vector: C:N/I:H/S:U/UI:N/A:N/PR:N/AV:A/AC:L

Name of the Vulnerable Software and Affected Versions

IBM Robotic Process Automation versions 21.0.0 through 21.0.2

Description

The issue is related to the configuration of IBM Robotic Process Automation, which is vulnerable to man-in-the-middle attacks through manipulation of the client proxy configuration. It is also associated with weaknesses in the authentication procedure, allowing a remote attacker to impact the integrity of protected information.

Recommendations

For versions 21.0.0 through 21.0.2, consider restricting access to the client proxy configuration to minimize the risk of exploitation. As a temporary workaround, review and secure the authentication procedure to prevent potential manipulation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Authentication

Related Identifiers

BDU:2023-00478
CVE-2022-36774

Affected Products

IBM Robotic Process Automation