Home / Security updates / UIPS-2022-001 - Security Advisory - UiPath Orchestrator - Robot Account Takeover
UIPS-2022-001 - Security Advisory - UiPath Orchestrator - Robot Account Takeover
Security updates detail rendered from /security-updates/upd_c940b0194c10aa91.
Overview
| ID | upd_c940b0194c10aa91 |
| Collection | Security Updates |
| Provider | SafeBase |
| Company | UiPath |
| URL | - |
| Counts | - |
| Updated | - |
Raw record
| Field | Value |
|---|---|
| id | upd_c940b0194c10aa91 |
| providerId | safebase |
| organizationId | org_33d000fdc8a62017 |
| trustCenterId | tc_7d7ee18589030c52 |
| title | UIPS-2022-001 - Security Advisory - UiPath Orchestrator - Robot Account Takeover |
| message | **Title: UiPath Orchestrator - Robot Account Takeover** Publish Date: April 7, 2022 Version: 1.0 General Information Affected Versions: Orchestrator 2019.10 to 2019.10.22 Orchestrator 2020.10 to 2020.10.15 Orchestrator 2021.4 to 2021.4.3 Orchestrator 2021.10 to 2021.10.3 Orchestrator within Automation Suite 2021.10 to 2021.10.3 Automation Cloud CVSS Score: 8.3 Details: The vulnerability allows an attacker with privileged access to a robot to retrieve the LicenseKey (MachineKey) of other robots within the same tenant by brute forcing API calls to Orchestrator. This would theoretically allow the attacker to access resources restricted only to that robot. *Links to release notes have been removed as no version is still in support when migrating this advisory to https://trust.uipath.com on November 21, 2025. Links below have been replaced with the latest version of each product affected.* [Latest Version of Orchestrator](https://download.uipath.com/UiPathOrchestrator.msi) [Latest Vers |
| url | - |
| publishedAt | 2025-11-21 |
| source | {
"field": "statuspage/public/compliance-update",
"category": "vulnerabilities"
} |
| company | {
"id": "org_33d000fdc8a62017",
"name": "UiPath",
"domains": [
"trust.uipath.com",
"uipath.com"
]
} |
| trust_center | {
"id": "tc_7d7ee18589030c52",
"name": "UiPath",
"url": "https://trust.uipath.com",
"host": "trust.uipath.com"
} |
| provider | {
"id": "safebase",
"name": "SafeBase"
} |
| links | {
"self": "/v1/security-updates/upd_c940b0194c10aa91",
"company": "/v1/companies/org_33d000fdc8a62017",
"trust_center": "/v1/trust-centers/tc_7d7ee18589030c52",
"provider": "/v1/providers/safebase"
} |
Get this page with API
Rendered from the bluedoor Trust Centers API. Reproduce it:
GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_c940b0194c10aa91JSON