CVE-2023-22593 - OpenCVE

IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges. IBM X-Force ID: 244074.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Robotic Process Automation
Redhat	Openshift

Configuration 1 [-]

AND

cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*

OR	cpe:2.3:a:ibm:robotic_process_automation::::::::
	cpe:2.3:a:ibm:robotic_process_automation::::::::

No data.

References

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/244074
https://www.ibm.com/support/pages/node/7006001

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2023-06-27T18:00:38.347Z

Updated: 2024-08-02T10:13:49.124Z

Reserved: 2023-01-03T19:19:41.133Z

Link: CVE-2023-22593

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-06-27T19:15:09.187

Modified: 2023-07-05T16:28:23.427

Link: CVE-2023-22593

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-22593", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2023-01-03T19:19:41.133Z", "datePublished": "2023-06-27T18:00:38.347Z", "dateUpdated": "2024-08-02T10:13:49.124Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Robotic Process Automation for Cloud Pak", "vendor": "IBM", "versions": [{"lessThanOrEqual": "21.0.7.3", "status": "affected", "version": "21.0.1", "versionType": "semver"}, {"lessThanOrEqual": "23.0.3", "status": "affected", "version": "23.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(204, 217, 226);\">IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges. IBM X-Force ID: 244074.</span>\n\n"}], "value": "\nIBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges. IBM X-Force ID: 244074.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"description": "16 Configuration", "lang": "en"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2023-06-27T18:00:38.347Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/7006001"}, {"tags": ["vdb-entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/244074"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM Robotic Process Automation for Cloud Pak security configuration", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:13:49.124Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/7006001"}, {"tags": ["vdb-entry", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/244074"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", "matchCriteriaId": "F08E234C-BDCF-4B41-87B9-96BD5578CBBF", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5BAAF00-D394-4243-807A-A6D41125EC4B", "versionEndIncluding": "21.0.7.3", "versionStartIncluding": "21.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*", "matchCriteriaId": "F513AA2B-F457-408B-8D5F-EBE657439000", "versionEndIncluding": "23.0.3", "versionStartIncluding": "23.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\nIBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges. IBM X-Force ID: 244074.\n\n"}], "id": "CVE-2023-22593", "lastModified": "2023-07-05T16:28:23.427", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 2.5, "source": "psirt@us.ibm.com", "type": "Secondary"}]}, "published": "2023-06-27T19:15:09.187", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/244074"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7006001"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}