CVE-2022-38710 - OpenCVE

IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 234292.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Robotic Process Automation Robotic Process Automation As A Service Robotic Process Automation For Cloud Pak
Microsoft	Windows

Configuration 1 [-]

AND

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

OR	cpe:2.3:a:ibm:robotic_process_automation::::::::
	cpe:2.3:a:ibm:robotic_process_automation_as_a_service::::::::
	cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak::::::::

No data.

References

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/234292
https://www.ibm.com/support/pages/node/6831681

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2022-11-03T00:00:00

Updated: 2024-08-03T11:02:14.414Z

Reserved: 2022-08-23T00:00:00

Link: CVE-2022-38710

Vulnrichment

Updated: 2024-08-03T11:02:14.414Z

NVD

Status : Modified

Published: 2022-11-03T20:15:29.553

Modified: 2024-07-03T01:38:43.047

Link: CVE-2022-38710

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-38710", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "dateUpdated": "2024-08-03T11:02:14.414Z", "dateReserved": "2022-08-23T00:00:00", "datePublished": "2022-11-03T00:00:00"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Robotic Process Automation", "vendor": "IBM", "versions": [{"status": "affected", "version": "21.0.1, 21.0.2"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 234292.</p>"}], "value": "IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 234292.\n\n"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2024-04-18T03:18:33.946Z"}, "references": [{"url": "https://www.ibm.com/support/pages/node/6831681"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/234292"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM Robotic Process Automation information disclosure", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-38710", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-29T15:48:31.215663Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ibm:robotic_process_automation:21.0.1:*:*:*:*:*:*:*"], "vendor": "ibm", "product": "robotic_process_automation", "versions": [{"status": "affected", "version": "21.0.1"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:ibm:robotic_process_automation:21.0.2:*:*:*:*:*:*:*"], "vendor": "ibm", "product": "robotic_process_automation", "versions": [{"status": "affected", "version": "21.0.2"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:16:49.161Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T11:02:14.414Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.ibm.com/support/pages/node/6831681", "tags": ["x_transferred"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/234292", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.ibm.com/support/pages/node/6831681", "tags": ["x_transferred"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/234292", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T11:02:14.414Z"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-38710", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-29T15:48:31.215663Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ibm:robotic_process_automation:21.0.1:*:*:*:*:*:*:*"], "vendor": "ibm", "product": "robotic_process_automation", "versions": [{"status": "affected", "version": "21.0.1"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:ibm:robotic_process_automation:21.0.2:*:*:*:*:*:*:*"], "vendor": "ibm", "product": "robotic_process_automation", "versions": [{"status": "affected", "version": "21.0.2"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-29T15:37:39.022Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "IBM Robotic Process Automation information disclosure", "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "IBM", "product": "Robotic Process Automation", "versions": [{"status": "affected", "version": "21.0.1, 21.0.2"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.ibm.com/support/pages/node/6831681"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/234292"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 234292.\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 234292.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2024-04-18T03:18:33.946Z"}}}, "cveMetadata": {"cveId": "CVE-2022-38710", "state": "PUBLISHED", "dateUpdated": "2024-08-03T11:02:14.414Z", "dateReserved": "2022-08-23T00:00:00", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2022-11-03T00:00:00", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD41B712-3818-4AFA-8A03-64E8B51809F0", "versionEndExcluding": "21.0.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:robotic_process_automation_as_a_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9758FDC-C224-4EB3-8D42-409F4CBE6442", "versionEndExcluding": "21.0.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:*:*:*:*:*:*:*:*", "matchCriteriaId": "034C5D78-A9CB-4A27-A2BF-1E7A1EB1318A", "versionEndExcluding": "21.0.3", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 234292.\n\n"}, {"lang": "es", "value": "\"IBM Robotic Process Automation 21.0.1 y 21.0.2 podr\u00edan revelar informaci\u00f3n confidencial de la versi\u00f3n que podr\u00eda ayudar en futuros ataques contra el sistema. IBM X-Force ID: 234292\"."}], "id": "CVE-2022-38710", "lastModified": "2024-07-03T01:38:43.047", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-11-03T20:15:29.553", "references": [{"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/234292"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6831681"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "psirt@us.ibm.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-312"}], "source": "nvd@nist.gov", "type": "Secondary"}]}