Skip to main content

Robotic Process Automation With Automation Anywhere CVE-2018-1878

MEDIUM
Information Exposure (CWE-200)
2018-11-02 psirt@us.ibm.com
5.3
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 02, 2018 - 15:29 nvd
MEDIUM 5.3

DescriptionNVD

IBM Robotic Process Automation with Automation Anywhere 11 could disclose sensitive information in a web request that could aid in future attacks against the system. IBM X-Force ID: 151714.

AnalysisAI

IBM Robotic Process Automation with Automation Anywhere 11 could disclose sensitive information in a web request that could aid in future attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. IBM Robotic Process Automation with Automation Anywhere 11 could disclose sensitive information in a web request that could aid in future attacks against the system. IBM X-Force ID: 151714. Affected products include: Ibm Robotic Process Automation With Automation Anywhere.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2019-4336 CRITICAL
9.8 Jul 01

IBM Robotic Process Automation with Automation Anywhere 11 uses an inadequate account lockout setting that could allow a

CVE-2018-1552 HIGH
8.8 Nov 02

IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0 allows a remote attacker to execute arbitrary code

CVE-2018-1514 HIGH
8.8 Jun 07

IBM Robotic Process Automation with Automation Anywhere 10.0 is vulnerable to cross-site request forgery which could all

CVE-2018-1877 HIGH
7.8 Nov 02

IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive information in the form of unenc

CVE-2018-1547 HIGH
7.7 Jun 07

IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on

CVE-2019-4298 HIGH
7.1 Jul 01

IBM Robotic Process Automation with Automation Anywhere 11 uses a high privileged PostgreSQL account for database access

CVE-2018-1795 MEDIUM
6.1 Oct 05

IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to cross-site scripting. Rated mediu

CVE-2019-4299 MEDIUM
5.5 Jul 01

IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive informati

CVE-2018-1876 MEDIUM
5.5 Nov 02

IBM Robotic Process Automation with Automation Anywhere 11 could under certain cases, display the password in a Control

CVE-2017-1751 MEDIUM
5.4 Dec 20

IBM Robotic Process Automation with Automation Anywhere 10.0.0 is vulnerable to cross-site scripting. Rated medium sever

CVE-2019-4297 MEDIUM
5.4 Jul 01

IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote authenticated attacker to conduct an LDA

CVE-2018-1812 MEDIUM
5.4 Oct 05

IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to persistent cross-site scripting,

Share

CVE-2018-1878 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy