CVE-2023-45189

Name of the Vulnerable Software and Affected Versions IBM Robotic Process Automation versions 21.0.0 through 21.0.7.10 IBM Robotic Process Automation versions 23.0.0 through 23.0.10 IBM Robotic Process Automation for Cloud Pak versions 21.0.0 through 21.0.7.10 IBM Robotic Process Automation for Cloud Pak versions 23.0.0 through 23.0.10

Description A difficult to exploit issue may result in access to client vault credentials, allowing a low privileged attacker to programmatically access these credentials.

Recommendations For versions 21.0.0 through 21.0.7.10, update to a version outside of this range to mitigate the risk. For versions 23.0.0 through 23.0.10, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to client vault credentials until a patch is available. Restrict low privileged attackers' ability to programmatically access client vault credentials to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.