CVE-2023-45189
MEDIUMIBM Robotic Process Automation 21.0.0-21.0.7.10 & 23.0.0-23.0.10 Sensitive Information Exposure
Title source: llmDescription
A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials. This difficult to exploit vulnerability could allow a low privileged attacker to programmatically access client vault credentials. IBM X-Force ID: 268752.
References (2)
Core 2
Core References
Patch, Vendor Advisory vendor-advisory
https://www.ibm.com/support/pages/node/7065204
VDB Entry, Vendor Advisory vdb-entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/268752
Scores
CVSS v3
6.5
EPSS
0.0007
EPSS Percentile
20.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-200
Status
published
Products (1)
ibm/robotic_process_automation_for_cloud_pak
21.0.0 - 21.0.7
Published
Nov 03, 2023
Tracked Since
Feb 18, 2026