#VU81626 Improper Privilege Management in IBM Robotic Process Automation


Published: 2023-10-05

Vulnerability identifier: #VU81626

Vulnerability risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38734

CWE-ID: CWE-269

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
IBM Robotic Process Automation
Server applications / Other server solutions

Vendor: IBM Corporation

Description

The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to improper privilege management. A local user can trigger the vulnerability and escalate privileges on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

IBM Robotic Process Automation: 21.0.0 - 23.0.1

External links
http://www.ibm.com/support/pages/node/7028227
http://exchange.xforce.ibmcloud.com/vulnerabilities/262481

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Improper privilege management in IBM Robotic Process Automation