Vulnerability Details
Basic Information
| Title | Security Bulletin: IBM Robotic Process Automation is vulnerable to insufficiently protected credential for users created via bulk upload (CVE-2022-33169) |
|---|---|
| Type | ibm |
| Published | 2025-04-29T02:22:26 |
| Last Seen | 2025-04-29T11:06:08 |
| CVSS Score | 6.5 (MEDIUM) |
CVSS v3 Details
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | LOW |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | NONE |
| Availability Impact | NONE |
CVE Information
| CVE IDs | CVE-2022-33169 |
|---|---|
| CWE | |
| Bulletin Family | software |
Description
Security Bulletin: IBM Robotic Process Automation is vulnerable to insufficiently protected credential for users created via bulk upload (CVE-2022-33169)
## Vulnerability Details
**CVEID:**CVE-2022-33169
**DESCRIPTION:** IBM Robotic Process Automation is vulnerable to insufficiently protected credentials for users created via a bulk upload.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228888 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N)
## Affected Products and Versions
Affected Product(s) | Version(s)
—|—
IBM Robotic Process Automation | < 21.0.3
IBM Robotic Process Automation for Cloud Pak | < 21.0.3
IBM Robotic Process Automation as a Service | All
## Remediation/Fixes
**IBM strongly recommends addressing the vulnerability now.** **Product(s)** | **Version(s)** | **Remediation/Fix/Instructions**
---|---|---
IBM Robotic Process Automation | < 21.0.3 | Download and install 21.0.3
IBM Robotic Process Auotmation for Cloud Pak | < 21.0.3 | Download and Install 21.0.3
IBM Robotic Process Automation as a Service | All | No action required as IBM Robotic Process Automation as a Service servers have been updated to 21.0.3 or higher.
## Workarounds and Mitigations
None
##
Impact Assessment
| Base Score | 6.5 |
|---|---|
| Severity | MEDIUM |