PT-2023-18573 · IBM · IBM Robotic Process Automation

Published 2023-03-15 · Updated 2023-03-19 · CVE-2023-22591

CVSS v3.1: 3.9 (Low)

Vector: AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions

IBM Robotic Process Automation versions 21.0.1 through 21.0.7
IBM Robotic Process Automation versions 23.0.0 through 23.0.1

Description

The issue allows a user with physical access to the system due to session tokens not being invalidated after a password reset.

Recommendations

For versions 21.0.1 through 21.0.7, update to a version that includes the fix for the session token invalidation issue. For versions 23.0.0 through 23.0.1, update to a version that includes the fix for the session token invalidation issue. As a temporary workaround, consider implementing additional authentication measures to minimize the risk of exploitation.

Fix

Insufficient Session Expiration

Weakness Enumeration

Related Identifiers

CVE-2023-22591

Affected Products

IBM Robotic Process Automation