IBM Support

JR64942: SECURITY BULLETIN: IBM ROBOTIC PROCESS AUTOMATION IS VULNERABLETO SQL INJECTION (CVE-2022-22413)

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • Summary
Security Bulletin: IBM Robotic Process Automation  is vulnerable
to  SQL Injection (CVE-2022-22413)

Vulnerability Details
CVEID:   CVE-2022-22413
DESCRIPTION:   IBM Robotic Process Automation is vulnerable to
SQL injection. A remote attacker could send specially crafted
SQL statements, which could allow the attacker to view, add,
modify or delete information in the back-end database.
CVSS Base score: 4.2
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/223022 for
the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L)

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED:                                              *
* All                                                          *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
* No additional information is available.                      *
*                                                              *
* PRODUCTS AFFECTED                                            *
* IBM Robotic Process Automation                               *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************

    



Problem conclusion


    

  • A fix for this APAR in IBM Robotic Process Automation is
available.
First fixed in IBM Robotic Process Automation 21.0.2.4 (21.0.2
IF004)

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    JR64942
    • 

  • Reported component name
    RPA
    • 

  • Reported component ID
    5737N5100
    • 

  • Reported release
    K00
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2022-05-12
    • 

  • Closed date
    2022-05-12
    • 

  • Last modified date
    2022-05-12
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    RPA
    • 

  • Fixed component ID
    5737N5100
    • 



Applicable component levels


    








      
              
                            

              

              [{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSC50T","label":"IBM Robotic Process Automation"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"K00"}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            13 May 2022
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback