ByteOS Network

Vulnerability Details :

CVE-2023-38734

Assigner-ibm

Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522

Published At-22 Aug, 2023 | 21:18

Updated At-03 Oct, 2024 | 13:28

IBM Robotic Process Automation privilege escalation

IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory. IBM X-Force ID: 262481.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:ibm

Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522

Published At:22 Aug, 2023 | 21:18

Updated At:03 Oct, 2024 | 13:28

▼CVE Numbering Authority (CNA)

IBM Robotic Process Automation privilege escalation

IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory. IBM X-Force ID: 262481.

Affected Products

Vendor

IBM Corporation

Product

Robotic Process Automation

Default Status

unaffected

Versions

Affected

From 21.0.0 through 21.0.7.1 (semver)
From 23.0.0 through 23.0.1 (semver)

Problem Types

Type	CWE ID	Description
N/A	N/A	266 Incorrect Privilege Assignment

Type: N/A

CWE ID: N/A

Description: 266 Incorrect Privilege Assignment

Metrics

Version	Base score	Base severity	Vector
3.1	6.6	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Version: 3.1

Base score: 6.6

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

References

Hyperlink	Resource
https://www.ibm.com/support/pages/node/7028227	vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/262481	vdb-entry

Hyperlink: https://www.ibm.com/support/pages/node/7028227

Resource:

vendor-advisory

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/262481

Resource:

vdb-entry

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://www.ibm.com/support/pages/node/7028227	vendor-advisory x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/262481	vdb-entry x_transferred

Hyperlink: https://www.ibm.com/support/pages/node/7028227

Resource:

vendor-advisory

x_transferred

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/262481

Resource:

vdb-entry

x_transferred

2. CISA ADP Vulnrichment

Affected Products

Vendor

IBM Corporation

Product

robotic_process_automation

CPEs

cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*

Default Status

unaffected

Versions

Affected

From 21.0.0 through 21.0.7.1 (semver)
From 23.0.0 through 23.0.1 (semver)

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:psirt@us.ibm.com

Published At:22 Aug, 2023 | 22:15

Updated At:26 Aug, 2023 | 02:25

IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory. IBM X-Force ID: 262481.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	6.6	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 3.1

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 6.6

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CPE Matches

Weaknesses

CWE ID	Type	Source
CWE-269	Primary	nvd@nist.gov

CWE ID: CWE-269

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/262481	psirt@us.ibm.com	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/7028227	psirt@us.ibm.com	Patch Vendor Advisory

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/262481

Source: psirt@us.ibm.com

Resource:

VDB Entry

Vendor Advisory

Hyperlink: https://www.ibm.com/support/pages/node/7028227

Source: psirt@us.ibm.com

Resource:

Patch

Vendor Advisory

CVE-2023-38734

Credits

IBM Robotic Process Automation privilege escalation

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Affected

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs