Rewterz Threat Advisory – Multiple IBM Sterling B2B Integrator Standard Edition Vulnerabilities
January 6, 2023
Rewterz Threat Advisory – CVE-2022-39164 – IBM AIX Vulnerability
January 6, 2023
Severity
Medium
Analysis Summary
CVE-2022-43844 CVSS:2.2
IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access control. A user is not correctly redirected to the platform log out screen when logging out of IBM RPA for Cloud Pak.
CVE-2022-43573 CVSS:3.1
IBM Robotic Process Automation 20.12 through 21.0.6 is vulnerable to exposure of the name and email for the creator/modifier of platform level objects.
CVE-2022-41740 CVSS:4.6
IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory.
Impact
- Privilege Escalation
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2022-43844
- CVE-2022-43573
- CVE-2022-41740
Affected Vendors
IBM
Affected Products
- IBM Robotic Process Automation for Cloud Pak 21.0.3
- IBM Robotic Process Automation for Cloud Pak 20.12
- IBM Robotic Process Automation 20.12
- IBM Robotic Process Automation 21.0.6
Remediation
Refer to the IBM Security Advisory for patch, upgrade, or suggested workaround information.