Skip to main content

Robotic Process Automation With Automation Anywhere

16 CVEs product

Monthly

CVE-2019-4337 MEDIUM PATCH This Month

IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker to obtain sensitive information due to missing authentication in Ignite nodes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass IBM Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2019-4336 CRITICAL PATCH Act Now

IBM Robotic Process Automation with Automation Anywhere 11 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2019-4299 MEDIUM PATCH This Month

IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive information from log files when debugging is enabled. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-4298 HIGH PATCH This Week

IBM Robotic Process Automation with Automation Anywhere 11 uses a high privileged PostgreSQL account for database access which could allow a local user to perform actions they should not have. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

PostgreSQL IBM Information Disclosure Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2019-4297 MEDIUM PATCH This Month

IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote authenticated attacker to conduct an LDAP injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Authentication Bypass IBM LDAP Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2019-4296 LOW PATCH Monitor

IBM Robotic Process Automation with Automation Anywhere 11 information disclosure could allow a local user to obtain e-mail contents from the client debug log file. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2019-4295 MEDIUM PATCH This Month

IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker with specialized access to obtain highly sensitive from the credential vault. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Hashicorp Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2018-1878 MEDIUM PATCH This Month

IBM Robotic Process Automation with Automation Anywhere 11 could disclose sensitive information in a web request that could aid in future attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.0
5.3
EPSS
1.3%
CVE-2018-1877 HIGH PATCH This Week

IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive information in the form of unencrypted passwords that would be available to a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Information Disclosure Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-1876 MEDIUM PATCH This Month

IBM Robotic Process Automation with Automation Anywhere 11 could under certain cases, display the password in a Control Room log file after installation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-1552 HIGH PATCH This Week

IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0 allows a remote attacker to execute arbitrary code on the system, caused by a missing restriction in which file types can be. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload IBM RCE Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.0
8.8
EPSS
2.9%
CVE-2018-1812 MEDIUM PATCH This Month

IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to persistent cross-site scripting, caused by missing escaping of a database field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1795 MEDIUM PATCH This Month

IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-1547 HIGH PATCH This Week

IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in an CSV export. Rated high severity (CVSS 7.7), this vulnerability is no authentication required.

Microsoft IBM RCE Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.0
7.7
EPSS
2.2%
CVE-2018-1514 HIGH PATCH This Week

IBM Robotic Process Automation with Automation Anywhere 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-1751 MEDIUM This Month

IBM Robotic Process Automation with Automation Anywhere 10.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.0
5.4
EPSS
0.2%
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker to obtain sensitive information due to missing authentication in Ignite nodes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass IBM Robotic Process Automation With Automation Anywhere
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

IBM Robotic Process Automation with Automation Anywhere 11 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Robotic Process Automation With Automation Anywhere
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive information from log files when debugging is enabled. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Robotic Process Automation With Automation Anywhere
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

IBM Robotic Process Automation with Automation Anywhere 11 uses a high privileged PostgreSQL account for database access which could allow a local user to perform actions they should not have. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

PostgreSQL IBM Information Disclosure +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote authenticated attacker to conduct an LDAP injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Authentication Bypass IBM +2
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

IBM Robotic Process Automation with Automation Anywhere 11 information disclosure could allow a local user to obtain e-mail contents from the client debug log file. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Robotic Process Automation With Automation Anywhere
NVD
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker with specialized access to obtain highly sensitive from the credential vault. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Hashicorp +1
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM Robotic Process Automation with Automation Anywhere 11 could disclose sensitive information in a web request that could aid in future attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Robotic Process Automation With Automation Anywhere
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive information in the form of unencrypted passwords that would be available to a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Information Disclosure Robotic Process Automation With Automation Anywhere
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM Robotic Process Automation with Automation Anywhere 11 could under certain cases, display the password in a Control Room log file after installation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Robotic Process Automation With Automation Anywhere
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0 allows a remote attacker to execute arbitrary code on the system, caused by a missing restriction in which file types can be. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload IBM RCE +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to persistent cross-site scripting, caused by missing escaping of a database field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Robotic Process Automation With Automation Anywhere
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Robotic Process Automation With Automation Anywhere
NVD
EPSS 2% CVSS 7.7
HIGH PATCH This Week

IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in an CSV export. Rated high severity (CVSS 7.7), this vulnerability is no authentication required.

Microsoft IBM RCE +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

IBM Robotic Process Automation with Automation Anywhere 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Robotic Process Automation With Automation Anywhere
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Robotic Process Automation with Automation Anywhere 10.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Robotic Process Automation With Automation Anywhere
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy