What is CVE-2023-38718?

CVE-2023-38718 is a low-severity vulnerability in Ibm Robotic Process Automation, classified under Information Disclosure. CVSS score: 3.7/10. Published 2023-09-20.

How severe is CVE-2023-38718?

Low severity. CVSS v3 base score is 3.7 out of 10.

Information disclosure in Ibm Robotic Process Automation

CVE-2023-38718

IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. IBM X-Force ID: 261606.

Vulnerability class: Information Disclosure

EPSS: 0.001 (20.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.7 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Ibm Robotic Process Automation — versions 21.0.0, 23.0.0
Ibm Robotic Process Automation For Cloud Pak — versions 21.0.0, 23.0.0

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

www.ibm.com/support/pages/node/7031619 (vendor-advisory)
exchange.xforce.ibmcloud.com/vulnerabilities/261606 (vdb-entry)

Frequently asked questions

What is CVE-2023-38718?: CVE-2023-38718 is a low-severity vulnerability in Ibm Robotic Process Automation, classified under Information Disclosure. CVSS score: 3.7/10. Published 2023-09-20.
How severe is CVE-2023-38718?: Low severity. CVSS v3 base score is 3.7 out of 10.