CVE-2023-35900 : IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0

IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software vulnerabilities at the operating system level. IBM X-Force ID: 259368.

Published 2023-07-19 01:15:11

Updated 2023-07-28 15:51:35

Source IBM Corporation

View at NVD, CVE.org

Vulnerability category: Information leak

Products affected by CVE-2023-35900

IBM » Robotic Process Automation
Versions up to, including, (<=) 21.0.7.4
cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*
Matching versions
When used together with: Redhat » Openshift » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » Robotic Process Automation
Versions from including (>=) 23.0.0 and up to, including, (<=) 23.0.5
cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*
Matching versions
When used together with: Redhat » Openshift » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » Robotic Process Automation As A Service
Versions up to, including, (<=) 21.0.7.4
cpe:2.3:a:ibm:robotic_process_automation_as_a_service:*:*:*:*:*:*:*:*
Matching versions
When used together with: Redhat » Openshift » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » Robotic Process Automation As A Service
Versions from including (>=) 23.0.0 and up to, including, (<=) 23.0.5
cpe:2.3:a:ibm:robotic_process_automation_as_a_service:*:*:*:*:*:*:*:*
Matching versions
When used together with: Redhat » Openshift » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » Robotic Process Automation For Cloud Pak
Versions up to, including, (<=) 21.0.7.4
cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:*:*:*:*:*:*:*:*
Matching versions
When used together with: Redhat » Openshift » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » Robotic Process Automation For Cloud Pak
Versions from including (>=) 23.0.0 and up to, including, (<=) 23.0.5
cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:*:*:*:*:*:*:*:*
Matching versions
When used together with: Redhat » Openshift » Version: N/A
When used together with: Microsoft » Windows » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2023-35900

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 21 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-35900

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	3.9	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None
4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	2.8	1.4	IBM Corporation
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE ids for CVE-2023-35900

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: psirt@us.ibm.com (Secondary)

References for CVE-2023-35900

https://exchange.xforce.ibmcloud.com/vulnerabilities/259368

IBM Robotic Process Automation information disclosure CVE-2023-35900 Vulnerability Report
VDB Entry;Vendor Advisory
https://www.ibm.com/support/pages/node/7010895

Security Bulletin: IBM Robotic Process Automation is vulnerable to disclosure of server version information (CVE-2023-35900)
Patch;Vendor Advisory

Jump to

Vulnerability Details : CVE-2023-35900

Products affected by CVE-2023-35900

Exploit prediction scoring system (EPSS) score for CVE-2023-35900

CVSS scores for CVE-2023-35900

CWE ids for CVE-2023-35900

References for CVE-2023-35900