What is CVE-2023-23476?

CVE-2023-23476 is a low-severity vulnerability in Ibm Robotic Process Automation, classified under Incorrect Authorization. CVSS score: 3.1/10. Published 2023-08-02.

How severe is CVE-2023-23476?

Low severity. CVSS v3 base score is 3.1 out of 10.

Auth bypass in Ibm Robotic Process Automation

CVE-2023-23476

IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes. IBM X-Force ID: 245425.

Vulnerability class: Broken Access Control

EPSS: 0.001 (24.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.1 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N.

Affected products

Ibm Robotic Process Automation — versions 21.0.0
Ibm Robotic Process Automation For Cloud Pak — versions 21.0.0

Weakness classification (CWE)

CWE-863 — Incorrect Authorization

References

www.ibm.com/support/pages/node/7017490 (vendor-advisory)
exchange.xforce.ibmcloud.com/vulnerabilities/245425 (vdb-entry)

Frequently asked questions

What is CVE-2023-23476?: CVE-2023-23476 is a low-severity vulnerability in Ibm Robotic Process Automation, classified under Incorrect Authorization. CVSS score: 3.1/10. Published 2023-08-02.
How severe is CVE-2023-23476?: Low severity. CVSS v3 base score is 3.1 out of 10.