1. Home
  2. CVE Database
  3. CVE-2023-22591
LOW · 3.9

CVE-2023-22591

IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens for not being invalidated after a password re...

Vulnerability Description

IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens for not being invalidated after a password reset. IBM X-Force ID: 243710.

CVSS Score

3.9

LOW

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
PHYSICAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW

Affected Products

VendorProductVersions
IbmRobotic Process Automation>= 21.0.1, < 21.0.7.1
IbmRobotic Process Automation As A Service< 23.0.2

Related Weaknesses (CWE)

CWE-613

References

FAQ

What is CVE-2023-22591?

CVE-2023-22591 is a vulnerability with a CVSS score of 3.9 (LOW). IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens for not being invalidated after a password re...

How severe is CVE-2023-22591?

CVE-2023-22591 has been rated LOW with a CVSS base score of 3.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-22591?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Robotic Process Automation, Ibm Robotic Process Automation As A Service.