Skip to main content

Robotic Process Automation With Automation Anywhere CVE-2018-1547

HIGH
2018-06-07 psirt@us.ibm.com
7.7
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.7 HIGH
AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 07, 2018 - 14:29 nvd
HIGH 7.7

DescriptionNVD

IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in an CSV export. By persuading a victim to download the CSV export, to open it in Microsoft Excel and to confirm the two security questions, an attacker could exploit this vulnerability to run any command or program on the victim's machine. IBM X-Force ID: 142651.

AnalysisAI

IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in an CSV export. Rated high severity (CVSS 7.7), this vulnerability is no authentication required.

Technical ContextAI

IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in an CSV export. By persuading a victim to download the CSV export, to open it in Microsoft Excel and to confirm the two security questions, an attacker could exploit this vulnerability to run any command or program on the victim's machine. IBM X-Force ID: 142651. Affected products include: Ibm Robotic Process Automation With Automation Anywhere.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2019-4336 CRITICAL
9.8 Jul 01

IBM Robotic Process Automation with Automation Anywhere 11 uses an inadequate account lockout setting that could allow a

CVE-2018-1552 HIGH
8.8 Nov 02

IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0 allows a remote attacker to execute arbitrary code

CVE-2018-1514 HIGH
8.8 Jun 07

IBM Robotic Process Automation with Automation Anywhere 10.0 is vulnerable to cross-site request forgery which could all

CVE-2018-1877 HIGH
7.8 Nov 02

IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive information in the form of unenc

CVE-2019-4298 HIGH
7.1 Jul 01

IBM Robotic Process Automation with Automation Anywhere 11 uses a high privileged PostgreSQL account for database access

CVE-2018-1795 MEDIUM
6.1 Oct 05

IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to cross-site scripting. Rated mediu

CVE-2019-4299 MEDIUM
5.5 Jul 01

IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive informati

CVE-2018-1876 MEDIUM
5.5 Nov 02

IBM Robotic Process Automation with Automation Anywhere 11 could under certain cases, display the password in a Control

CVE-2017-1751 MEDIUM
5.4 Dec 20

IBM Robotic Process Automation with Automation Anywhere 10.0.0 is vulnerable to cross-site scripting. Rated medium sever

CVE-2019-4297 MEDIUM
5.4 Jul 01

IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote authenticated attacker to conduct an LDA

CVE-2018-1812 MEDIUM
5.4 Oct 05

IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to persistent cross-site scripting,

CVE-2019-4337 MEDIUM
5.3 Jul 01

IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker to obtain sensitive information due t

Share

CVE-2018-1547 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy