CVE-2022-38710 - Vulnerability Details - OpenCVE

IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version to an unauthorized control sphere information that could aid in further attacks against the system. IBM X-Force ID: 234292.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Ibm	Robotic Process Automation Robotic Process Automation As A Service Robotic Process Automation For Cloud Pak
Microsoft	Windows

Configuration 1 [-]

AND

OR	cpe:2.3:a:ibm:robotic_process_automation::::::::
	cpe:2.3:a:ibm:robotic_process_automation_as_a_service::::::::
	cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak::::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/234292
https://www.ibm.com/support/pages/node/6831681

History

Sat, 21 Sep 2024 10:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-319
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Sat, 21 Sep 2024 10:00:00 +0000

Type	Values Removed	Values Added
Description	IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 234292.	IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version to an unauthorized control sphere information that could aid in further attacks against the system. IBM X-Force ID: 234292.
Weaknesses		CWE-497
CPEs		cpe:2.3:a:ibm:robotic_process_automation:21.0.1:::::::* cpe:2.3:a:ibm:robotic_process_automation:21.0.2:::::::*

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2022-11-03T00:00:00

Updated: 2024-09-25T18:15:08.879Z

Reserved: 2022-08-23T00:00:00

Link: CVE-2022-38710

Vulnrichment

Updated: 2024-08-03T11:02:14.414Z

NVD

Status : Modified

Published: 2022-11-03T20:15:29.553

Modified: 2024-11-21T07:16:58.650

Link: CVE-2022-38710

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-38710", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "dateUpdated": "2024-09-25T18:15:08.879Z", "dateReserved": "2022-08-23T00:00:00", "datePublished": "2022-11-03T00:00:00"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:robotic_process_automation:21.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:robotic_process_automation:21.0.2:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "Robotic Process Automation", "vendor": "IBM", "versions": [{"status": "affected", "version": "21.0.1, 21.0.2"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version to an unauthorized control sphere information that could aid in further attacks against the system. IBM X-Force ID: 234292."}], "value": "IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version to an unauthorized control sphere information that could aid in further attacks against the system. IBM X-Force ID: 234292."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-497", "description": "CWE-497 Exposure of System Data to an Unauthorized Control Sphere", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2024-09-21T09:46:16.221Z"}, "references": [{"url": "https://www.ibm.com/support/pages/node/6831681"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/234292"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM Robotic Process Automation information disclosure", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-09-25T18:13:45.877396Z", "id": "CVE-2022-38710", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-25T18:15:08.879Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T11:02:14.414Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.ibm.com/support/pages/node/6831681", "tags": ["x_transferred"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/234292", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.ibm.com/support/pages/node/6831681", "tags": ["x_transferred"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/234292", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T11:02:14.414Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-38710", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-25T18:13:45.877396Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-29T15:37:39.022Z"}}], "cna": {"title": "IBM Robotic Process Automation information disclosure", "source": {"discovery": "UNKNOWN"}, "affected": [{"cpes": ["cpe:2.3:a:ibm:robotic_process_automation:21.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:robotic_process_automation:21.0.2:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "Robotic Process Automation", "versions": [{"status": "affected", "version": "21.0.1, 21.0.2"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.ibm.com/support/pages/node/6831681"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/234292"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version to an unauthorized control sphere information that could aid in further attacks against the system. IBM X-Force ID: 234292.", "supportingMedia": [{"type": "text/html", "value": "IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version to an unauthorized control sphere information that could aid in further attacks against the system. IBM X-Force ID: 234292.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-497", "description": "CWE-497 Exposure of System Data to an Unauthorized Control Sphere"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2024-09-21T09:46:16.221Z"}}}, "cveMetadata": {"cveId": "CVE-2022-38710", "state": "PUBLISHED", "dateUpdated": "2024-09-25T18:15:08.879Z", "dateReserved": "2022-08-23T00:00:00", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2022-11-03T00:00:00", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD41B712-3818-4AFA-8A03-64E8B51809F0", "versionEndExcluding": "21.0.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:robotic_process_automation_as_a_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9758FDC-C224-4EB3-8D42-409F4CBE6442", "versionEndExcluding": "21.0.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:*:*:*:*:*:*:*:*", "matchCriteriaId": "034C5D78-A9CB-4A27-A2BF-1E7A1EB1318A", "versionEndExcluding": "21.0.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version to an unauthorized control sphere information that could aid in further attacks against the system. IBM X-Force ID: 234292."}, {"lang": "es", "value": "\"IBM Robotic Process Automation 21.0.1 y 21.0.2 podr\u00edan revelar informaci\u00f3n confidencial de la versi\u00f3n que podr\u00eda ayudar en futuros ataques contra el sistema. IBM X-Force ID: 234292\"."}], "id": "CVE-2022-38710", "lastModified": "2024-11-21T07:16:58.650", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-11-03T20:15:29.553", "references": [{"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/234292"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6831681"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/234292"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6831681"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-497"}], "source": "psirt@us.ibm.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-312"}], "source": "nvd@nist.gov", "type": "Secondary"}]}