CVE-2023-22863 MEDIUM

CVE-2023-22863: IBM Robotic Process Automation information disclosure

Vendor IBM
Product Robotic Process Automation
Weakness CWE-319 · Cleartext transmission
Published January 18, 2023
Last update April 3, 2025

CVSS base score

5.9/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. This could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 244109.

Key dates

02 Disclosure timeline

January 18, 2023 CVE published
April 3, 2025 Record updated