Skip to main content

Robotic Process Automation With Automation Anywhere CVE-2019-4296

LOW
Insertion of Sensitive Information into Log File (CWE-532)
2019-07-01 psirt@us.ibm.com
3.3
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.3 LOW
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 01, 2019 - 15:15 nvd
LOW 3.3

DescriptionNVD

IBM Robotic Process Automation with Automation Anywhere 11 information disclosure could allow a local user to obtain e-mail contents from the client debug log file. IBM X-Force ID: 160759.

AnalysisAI

IBM Robotic Process Automation with Automation Anywhere 11 information disclosure could allow a local user to obtain e-mail contents from the client debug log file. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-532. IBM Robotic Process Automation with Automation Anywhere 11 information disclosure could allow a local user to obtain e-mail contents from the client debug log file. IBM X-Force ID: 160759. Affected products include: Ibm Robotic Process Automation With Automation Anywhere.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2019-4336 CRITICAL
9.8 Jul 01

IBM Robotic Process Automation with Automation Anywhere 11 uses an inadequate account lockout setting that could allow a

CVE-2018-1552 HIGH
8.8 Nov 02

IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0 allows a remote attacker to execute arbitrary code

CVE-2018-1514 HIGH
8.8 Jun 07

IBM Robotic Process Automation with Automation Anywhere 10.0 is vulnerable to cross-site request forgery which could all

CVE-2018-1877 HIGH
7.8 Nov 02

IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive information in the form of unenc

CVE-2018-1547 HIGH
7.7 Jun 07

IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on

CVE-2019-4298 HIGH
7.1 Jul 01

IBM Robotic Process Automation with Automation Anywhere 11 uses a high privileged PostgreSQL account for database access

CVE-2018-1795 MEDIUM
6.1 Oct 05

IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to cross-site scripting. Rated mediu

CVE-2019-4299 MEDIUM
5.5 Jul 01

IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive informati

CVE-2018-1876 MEDIUM
5.5 Nov 02

IBM Robotic Process Automation with Automation Anywhere 11 could under certain cases, display the password in a Control

CVE-2017-1751 MEDIUM
5.4 Dec 20

IBM Robotic Process Automation with Automation Anywhere 10.0.0 is vulnerable to cross-site scripting. Rated medium sever

CVE-2019-4297 MEDIUM
5.4 Jul 01

IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote authenticated attacker to conduct an LDA

CVE-2018-1812 MEDIUM
5.4 Oct 05

IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to persistent cross-site scripting,

Share

CVE-2019-4296 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy