Description
IBM Robotic Process Automation and Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.20 and 23.0.0 through 23.0.20 do not invalidate the session after a logout, which could allow an authenticated user to impersonate another user on the system.
References
- Vendor Advisory
Vulnerable configurations
Configuration 1
One of
- cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:* (versions from 21.0.0 inclusive to 21.0.7.20 inclusive)
- cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:* (versions from 23.0.0 inclusive to 23.0.20 inclusive)
- cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:*:*:*:*:*:*:*:* (versions from 21.0.0 inclusive to 21.0.7.20 inclusive)
- cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:*:*:*:*:*:*:*:* (versions from 23.0.0 inclusive to 23.0.20 inclusive)
EPSS: 0.00053 (Low), percentile: 17%
CVSS3: 6.3 Medium
CVSS3: 4.3 Medium
Weaknesses
CWE-613
Related vulnerabilities
CVSS3: 6.3
github
10 months ago
IBM Robotic Process Automation and Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.20 and 23.0.0 through 23.0.20 do not invalidate the session after a logout, which could allow an authenticated user to impersonate another user on the system.