CVE-2022-38709 Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 is vulnerable to cross-site scripting.

In separate research published at the end of November 2018, also with a CVSS score of 10/10, Pivotal Software Inc. Robotic Process Automation (RPA) versions 1.3.3.10, 1.3.3.11, and 1.3.3.12 were discovered to be vulnerable to cross-site scripting. Furthermore, IBM Robotic Process Automation version 7.1.1.2, 7.1.1.3, 7.1.1.4, 7.1.1.5, 7.1.1.6, 7.1.1.7, 7.1.1.8, 7.1.1.9, 7.1.1.10, 7.1.1.11, 7.1.1.12, 7.1.1.13, 7.1.1.14, 7.1.1.15, 7.1.1.16, 7.1.1.17, 7.1.1.18, 7.1.1.19, 7.1.1.20, 7.1.1.21, 7.1.1.22, 7.1.1.23, 7.1.1.24, 7.1.1.25, 7.1.1.26, 7.1.1.27, 7.1.1.28, 7

Robotic process automation (RPA)

Robotic process automation (RPA) is a software technology that automates tasks typically done by human employees. These tasks include data input, data processing, and decision-making.
The term RPA has two major meanings:
a) the process automation software itself, or b) the entire business process that RPA automates.
The term "robotic" refers to the use of computer programs to manage businesses that previously would have been managed by humans.

Robotic Process Automation Vulnerability Summary

The vulnerability can be exploited by a malicious user in the context of the vulnerable application, when processing a request containing crafted input. The attacker can use this to perform actions that violate the security policy of the vulnerable application.

Cross-site scripting exists in multiple applications that are part of Pivotal RPA's ecosystem. This includes versions 1.3.3.10, 1.3.3.11, and 1.3.3.12 of Pivotal RPA and IBM Robotic Process Automation 7 versions 7.1.1.2, 7.1.1.3, 7.1.1.4, 7.1.1.5, 7.1.1.6, 7.1.1.7, 7.1.1.8, 7

Timeline

Published on: 10/06/2022 18:16:00 UTC
Last modified on: 10/14/2022 20:30:00 UTC
