CVE-2022-35280
CRITICALIBM Robotic Process Automation <21.0.3 - Info Disclosure
Title source: llmDescription
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 230634.
References (2)
Core 2
Core References
Broken Link x_refsource_confirm
https://www.ibm.com/support/pages/node/6610393
Broken Link vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/230634
Scores
CVSS v3
9.8
EPSS
0.0067
EPSS Percentile
46.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-521
Status
published
Products (3)
ibm/robotic_process_automation_for_cloud_pak
21.0.0
ibm/robotic_process_automation_for_cloud_pak
21.0.1
ibm/robotic_process_automation_for_cloud_pak
21.0.2
Published
Aug 10, 2022
Tracked Since
Feb 18, 2026