Vulnerability Details
Basic Information
| Title | Security Bulletin: IBM Robotic Process Automation is vulnerable to privilege escalation (CVE-2022-30616) |
|---|---|
| Type | ibm |
| Published | 2025-04-29T02:21:59 |
| Last Seen | 2025-04-29T11:06:04 |
| CVSS Score | 7.2 (HIGH) |
CVSS v3 Details
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | HIGH |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
CVE Information
| CVE IDs | CVE-2022-30616 |
|---|---|
| CWE | |
| Bulletin Family | software |
Description
Security Bulletin: IBM Robotic Process Automation is vulnerable to privilege escalation (CVE-2022-30616)
## Vulnerability Details
**CVEID:** CVE-2022-30616
**DESCRIPTION:** IBM Robotic Process Automation could allow a privileged user to elevate their privilege to platform administrator through manipulation of APIs.
CVSS Base score: 8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227978 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)
## Affected Products and Versions
Affected Product(s) | Version(s)
---|---
IBM Robotic Process Automation for Cloud Pak | < 21.0.3
IBM Robotic Process Automation as a Service | < 21.0.3
IBM Robotic Process Automation | < 21.0.3
## Remediation/Fixes
**IBM strongly recommends addressing the vulnerability now.**

**Product(s)** | **Version(s)** | **Remediation/Fix/Instructions**
---|---|---
IBM Robotic Process Automation | < 21.0.3 | Update to 21.0.3 or higher
IBM Robotic Process Automation for Cloud Pak | < 21.0.3 | Update to 21.0.3 or higher
IBM Robotic Process Automation as a Service | < 21.0.3 | No action required as IBM Robotic Process Automation as a Service servers have been updated to 21.0.3 or higher.
## Workarounds and Mitigations
None
Impact Assessment
| Base Score | 7.2 |
|---|---|
| Severity | HIGH |