Ibm Robotic Process Automation
45 CVEs affecting Ibm Robotic Process Automation. Latest disclosed: 2025-04-14. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-30616 | High | 8.0 | 2022-07-31 | IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to elevate their privilege to platform administrator through manipulati… |
CVE-2024-51448 | Medium | 6.7 | 2025-01-18 | IBM Robotic Process Automation 21.0.0 through 21.0.7.17 and 23.0.0 through 23.0.18 could allow a local user to escalate their privileges. All files in the inst… |
CVE-2023-38734 | Medium | 6.6 | 2023-08-22 | IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an… |
CVE-2024-49824 | Medium | 6.5 | 2025-01-18 | IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18… |
CVE-2023-45189 | Medium | 6.5 | 2023-11-03 | A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result… |
CVE-2022-41294 | Medium | 6.5 | 2022-10-06 | IBM Robotic Process Automation 21.0.0, 21.0.1, 21.0.2, 21.0.3, and 21.0.4 is vulnerable to cross origin resource sharing using the bot api. IBM X-Force ID: 236… |
CVE-2022-36774 | Medium | 6.5 | 2022-10-06 | IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to man in the middle attacks through manipulation of the client proxy configuration. IB… |
CVE-2024-49825 | Medium | 6.3 | 2025-04-14 | IBM Robotic Process Automation and Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.20 and 23.0.0 through 23.0.20 does not invalidate session aft… |
CVE-2022-38709 | Medium | 6.1 | 2022-10-06 | IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pak is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitra… |
CVE-2022-22503 | Medium | 6.1 | 2022-10-06 | IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious We… |
CVE-2024-51456 | Medium | 5.9 | 2025-01-12 | IBM Robotic Process Automation 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 could allow a remote attacker to obtain sensitive data that may be exposed t… |
CVE-2023-22863 | Medium | 5.9 | 2023-01-18 | IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. This could… |
CVE-2022-34338 | Medium | 5.8 | 2022-07-31 | IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could disclose sensitive information due to improper privilege management for storage provider types… |
CVE-2022-22502 | Medium | 5.4 | 2022-06-24 | IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in t… |
CVE-2023-43058 | Medium | 5.3 | 2023-10-06 | IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. IBM X-Force ID: 247527. |
CVE-2022-33169 | Medium | 5.3 | 2022-07-31 | IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to insufficiently protected credentials for users created via a bulk upload. IBM X-Forc… |
CVE-2022-22414 | Medium | 5.1 | 2022-06-20 | IBM Robotic Process Automation 21.0.2 could allow a local user to obtain sensitive web service configuration credentials from system memory. IBM X-Force ID: 22… |
CVE-2022-33954 | Medium | 4.6 | 2024-12-19 | IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 could allow a user with psychical access to the system to obtain sensitive information due to insuffi… |
CVE-2022-22506 | Medium | 4.6 | 2024-02-12 | IBM Robotic Process Automation 21.0.2 contains a vulnerability that could allow user ids may be exposed across tenants. IBM X-Force ID: 227293. |
CVE-2022-41740 | Medium | 4.6 | 2023-01-05 | IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from sys… |