PT-2023-5442 · Ibm · Ibm Robotic Process Automation For Cloud Pak
Published
2023-06-27
·
Updated
2024-11-06
·
CVE-2023-22593
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
IBM Robotic Process Automation for Cloud Pak versions 21.0.1 through 21.0.7.3
IBM Robotic Process Automation for Cloud Pak versions 23.0.0 through 23.0.3
Description
The issue is related to security misconfiguration of the Redis container, which may provide elevated privileges. This is due to errors in security settings.
Recommendations
For versions 21.0.1 through 21.0.7.3, update to a version outside of this range to resolve the security misconfiguration issue.
For versions 23.0.0 through 23.0.3, update to a version outside of this range to resolve the security misconfiguration issue.
As a temporary workaround, consider restricting access to the Redis container to minimize the risk of exploitation.
Fix
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Ibm Robotic Process Automation For Cloud Pak