IBM Support

JR64681: MULTIPLE VULNERABILITIES IN IBM ROBOTIC PROCESS AUTOMATION

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • CVEID:   CVE-2021-26701
DESCRIPTION:   Microsoft .NET Core and Visual Studio could allow
a remote attacker to execute arbitrary code on the system. By
sending a specially crafted request, an attacker could exploit
this vulnerability to execute arbitrary code on the system with
elevated privileges.
CVSS Base score: 8.1
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/196358 for
the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2019-8331
DESCRIPTION:   Bootstrap is vulnerable to cross-site scripting,
caused by improper validation of user-supplied input by the
tooltip or popover data-template. A remote attacker could
exploit this vulnerability to execute script in a victim's Web
browser within the security context of the hosting Web site. An
attacker could use this vulnerability to steal the victim's
cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/157409 for
the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED:                                              *
* All                                                          *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
* No additional information is available.                      *
*                                                              *
* PRODUCTS AFFECTED                                            *
* IBM Robotic Process Automation                               *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************

    



Problem conclusion


    

  • A fix that ports fixes for these open source packages to IBM
Robotic Process Automation is available.
First fixed in IBM Robotic Process Automation 21.0.1

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    JR64681
    • 

  • Reported component name
    RPA
    • 

  • Reported component ID
    5737N5100
    • 

  • Reported release
    K00
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2022-03-02
    • 

  • Closed date
    2022-03-02
    • 

  • Last modified date
    2022-03-02
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    RPA
    • 

  • Fixed component ID
    5737N5100
    • 



Applicable component levels


    








      
              
                            

              

              [{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSC50T","label":"IBM Robotic Process Automation"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"K00"}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            03 March 2022
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback