Description
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to elevate their privilege to platform administrator through manipulation of APIs. IBM X-Force ID: 227978.
CVSS breakdown
CVSS 3.0
User Interaction
None
Privileges Required
High
Attack Vector
Network
Availability
High
Confidentiality
High
Attack Complexity
High
Integrity
High
Scope
Changed
E
Unchanged
RC
Changed
RL
O
Affected products
- ibm / robotic_process_automation21.0.0 – 21.0.0
- ibm / robotic_process_automation21.0.1 – 21.0.1
- ibm / robotic_process_automation21.0.2 – 21.0.2