PT-2023-18737 · IBM · IBM Robotic Process Automation

Published 2023-01-18 · Updated 2023-01-27 · CVE-2023-22863

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: IBM Robotic Process Automation versions 20.12.0 through 21.0.2

Description: The issue allows an attacker to obtain sensitive information using man-in-the-middle techniques because some RPA commands default to HTTP when the prefix is not explicitly specified in the URL.

Recommendations: For versions 20.12.0 through 21.0.2, ensure that all RPA commands explicitly specify the URL prefix to use a secure protocol, such as HTTPS, to prevent man-in-the-middle attacks. As a temporary workaround, consider restricting access to sensitive information until a patch is available.

Fix

Weakness Enumeration: Cleartext Transmission of Sensitive Information

Related Identifiers: CVE-2023-22863

Affected Products: IBM Robotic Process Automation