Vulnerability Details
Basic Information
| Title | Security Bulletin: IBM Robotic Process Automation is vulnerable to Clickjacking (CVE-2022-22503) |
|---|---|
| Type | ibm |
| Published | 2025-04-29T02:25:33 |
| Last Seen | 2025-04-29T11:06:01 |
| CVSS Score | 6.1 (MEDIUM) |
CVSS v3 Details
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | REQUIRED |
| Scope | CHANGED |
| Confidentiality Impact | LOW |
| Integrity Impact | LOW |
| Availability Impact | NONE |
CVE Information
| CVE IDs | CVE-2022-22503 |
|---|---|
| CWE | |
| Bulletin Family | software |
## Vulnerability Details
**CVEID:** CVE-2022-22503
**DESCRIPTION:** IBM Robotic Process Automation could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227125 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
## Affected Products and Versions
Affected Product(s) | Version(s)
---|---
IBM Robotic Process Automation | < 21.0.1
IBM Robotic Process Automation as a Service | < 21.0.1
## Remediation/Fixes
**IBM strongly recommends addressing the vulnerability now.**

**Product(s)** | **Version(s) number and/or range** | **Remediation/Fix/Instructions**
---|---|---
IBM Robotic Process Automation | < 21.0.1 | Download 21.0.1 and follow instructions.
IBM Robotic Process Automation as a Service | < 21.0.1 | All IBM Robotic Process Automation as a Service servers have been updated to 21.0.1 or higher.
## Workarounds and Mitigations
None
## Impact Assessment
| Base Score | 6.1 |
|---|---|
| Severity | MEDIUM |