PT-2023-20240 · IBM · IBM Robotic Process Automation
Luciano Dutra · Published 2023-03-15 · Updated 2023-03-19 · CVE-2023-25680
| CVSS v3.1 | 6.5 (Medium) |
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Robotic Process Automation versions 21.0.1 through 21.0.5
Description
The issue is related to insufficient protection of credentials. Specifically, Queue Provider credentials are not obfuscated while editing queue provider details.
Recommendations
For IBM Robotic Process Automation versions 21.0.1 through 21.0.5, consider restricting access to queue provider details until a fix is available. As a temporary workaround, limit editing of queue provider details to minimize the risk of credential exposure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Information Disclosure
Affected Products
IBM Robotic Process Automation