Medium Severity

Security Bulletin: IBM Robotic Process Automation could allow a user with physical access to create an API request modified to create additional objects (CVE-2022-22434)

May 4, 2022

Share this post:

IBM Robotic Process Automation could allow a user with physical access to create an API request modified to create additional objects

CVE(s): CVE-2022-22434

Affected product(s) and affected version(s):

Affected Product(s)	Version(s)
IBM Robotic Process Automation	21.0.2
IBM Robotic Process Automation	21.0.1
IBM Robotic Process Automation as a Service	All

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6579959
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/224159

Medium Severity

Security Bulletin: IBM Robotic Process Automation is vulnerable to an issue where an API could be used to perform a DNS lookup via a third party provider.

Search Posts

Resources

Feed for PSIRT Blog Posts

IBM Product Security Vulnerabilities

See information about: IBM Security Bulletins, IBM Security Vulnerability Management (PSIRT), Reporting a Security Issue, IBM Secure Engineering

Learn More

IBM Product Support Portal

Access IBM Product Support to: Subscribe to Notifications, Download Fixes & PTFs (Fix Central), Access the Directory of IBM Worldwide Contacts

See What's New

Helpful Information

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Apr 2022 – Includes Oracle April 2022 CPU (minus CVE-2022-21426)affects IBM Security Verify Governance, Identity Manager virtual appliance component

August 17, 2022 | Medium Severity

IBM Security Verify Governance, Identity Manager virtual appliance component has addressed the applicable CVE. ...read more

Security Bulletin: Samba for IBM i is vulnerable to attacker obtaining sensitive information due to a memory leak with SMB1 requests (CVE-2022-32742)

August 17, 2022 | Medium Severity

Samba for IBM i is vulnerable to an attacker obtaining sensitive information due to a memory leak handling SMB1 requests as described in the vulnerability details section. IBM i has addressed the vulnerability in Samba with a fix as described in the remediation/fixes section. ...read more

Security Bulletin: A security vulnerability has been fixed in IBM Security Verify Governance, Identity Manager virtual appliance component (CVE-2022-21496)

August 16, 2022 | Medium Severity

IBM Security Verify Governance, Identity Manager virtual appliance component has addressed the following vulnerability. ...read more

Medium Severity

Security Bulletin: IBM Robotic Process Automation could allow a user with physical access to create an API request modified to create additional objects (CVE-2022-22434)

Security Bulletin: IBM Robotic Process Automation is vulnerable to an issue where an API could be used to perform a DNS lookup via a third party provider.

Security Bulletin: Multiple Vulnerabilities may affect IBM Robotic Process Automation

Search Posts

Archives

Resources

IBM Product Security Vulnerabilities

IBM Product Support Portal

Helpful Information

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Apr 2022 – Includes Oracle April 2022 CPU (minus CVE-2022-21426)affects IBM Security Verify Governance, Identity Manager virtual appliance component

August 17, 2022 | Medium Severity

Security Bulletin: Samba for IBM i is vulnerable to attacker obtaining sensitive information due to a memory leak with SMB1 requests (CVE-2022-32742)

August 17, 2022 | Medium Severity

Security Bulletin: A security vulnerability has been fixed in IBM Security Verify Governance, Identity Manager virtual appliance component (CVE-2022-21496)

August 16, 2022 | Medium Severity