PT-2023-5440 · Ibm · Ibm Robotic Process Automation For Cloud Pak
Published
2023-06-27
·
Updated
2023-07-05
·
CVE-2023-23468
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Robotic Process Automation for Cloud Pak versions 21.0.1 through 21.0.7.3
IBM Robotic Process Automation for Cloud Pak versions 23.0.0 through 23.0.3
Description
The issue is related to insufficient security configuration, which may allow the creation of namespaces within a cluster. This could potentially enable an attacker to modify the cluster configuration.
Recommendations
For versions 21.0.1 through 21.0.7.3, update to a version outside of this range to resolve the issue.
For versions 23.0.0 through 23.0.3, update to a version outside of this range to resolve the issue.
As a temporary workaround, consider restricting access to cluster configuration settings until a patch is available.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Robotic Process Automation For Cloud Pak