CVE-2023-25680
CVSS V2 None
CVSS V3 None
Description
IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to insufficiently protecting credentials. Queue Provider credentials are not obfuscated while editing queue provider details. IBM X-Force ID: 247032.
Overview
- CVE ID
- CVE-2023-25680
- Assigner
- psirt@us.ibm.com
- Vulnerability Status
- Analyzed
- Published Version
- 2023-03-15T20:15:10
- Last Modified Date
- 2023-03-19T03:55:27
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:* | 1 | OR | 21.0.6 | |
| cpe:2.3:a:ibm:robotic_process_automation_as_a_service:*:*:*:*:*:*:*:* | 1 | OR | 21.0.6 | |
| cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:*:*:*:*:*:*:*:* | 1 | OR | 21.0.1 | 21.0.6 |
References
| Reference URL | Reference Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/247032 | VDB Entry Vendor Advisory |
| https://www.ibm.com/support/pages/node/6962207 | Patch Vendor Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-25680 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25680 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-04-17 06:31:22 | Added to TrackCVE | |||
| 2023-04-17 06:31:24 | Weakness Enumeration | new |