CVE-2023-22592 MEDIUM

CVE-2023-22592: IBM Robotic Process Automation for Cloud Pak insufficient permission settings

Vendor Ibm
Product Robotic Process Automation for Cloud Pak
Published January 18, 2023
Last update April 3, 2025

CVSS base score

4.0/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to insufficient permission settings. IBM X-Force ID: 244073.

Key dates

02Disclosure timeline

January 18, 2023 CVE published
April 3, 2025 Record updated