A vulnerability in IBM Robotic Process Automation 21.0.0 through 21.0.7.1 allows unauthorized access to script content, impacting system confidentiality.
Understanding CVE-2023-40370
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled.
What is CVE-2023-40370?
CVE-2023-40370 is an information disclosure vulnerability in the IBM Robotic Process Automation runtime that can expose script content to an attacker.
The Impact of CVE-2023-40370
The vulnerability can lead to unauthorized access to sensitive script content, potentially compromising the confidentiality of the data handled by the affected systems.
Technical Details of CVE-2023-40370
Vulnerability Description
The vulnerability in IBM Robotic Process Automation allows for the disclosure of script content when the remote REST request computer policy is enabled.
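Affected Systems and Versions
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 is affected when the remote REST request computer policy is enabled.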
Exploitation Mechanism
When the remote REST request computer policy is enabled, attackers with network access to the affected systems can exploit the vulnerability to retrieve sensitive script content.
Mitigation and Prevention
Immediate Steps to Take
To mitigate the risk associated with CVE-2023-40370, it is recommended to disable the remote REST request computer policy in IBM Robotic Process Automation versions 21.0.0 through 21.0.7.1.
Long-Term Security Practices
Ensure regular security updates and vulnerability assessments are conducted to identify and address any potential vulnerabilities in the system.
Patching and Updates
Refer to the IBM support page for patches and updates related to CVE-2023-40370.