Unrated severity · NVD Advisory · Published Nov 2, 2018 · Updated Sep 16, 2024

CVE-2018-1552

Description

IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0 allows a remote attacker to execute arbitrary code on the system, caused by a missing restriction in which file types can be uploaded to the control room. By uploading a malicious file and tricking a victim to run it, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 142889.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0 allows remote code execution via unrestricted file upload, requiring user interaction.

Vulnerability

IBM Robotic Process Automation with Automation Anywhere versions 10.0 and 11.0 contain a missing restriction on the types of files that can be uploaded to the control room. This allows a remote attacker to upload a malicious file, which can then be executed on the system if a victim is tricked into running it [1].

Exploitation

An attacker with network access to the control room and authenticated credentials can upload a specially crafted file. The attacker must also convince a victim (e.g., an operator) to execute that file, potentially through social engineering or by naming it innocuously [1].

Impact

Successful exploitation leads to arbitrary code execution on the system in the context of the victim, allowing the attacker to compromise the confidentiality, integrity, and availability of the affected system. The CVSS v3 base score is 5.5 [1].

Mitigation

As of the publication date, IBM has not released a fix or workaround for this vulnerability. The vendor advisory lists no mitigations [1]. Users should monitor for updates and restrict file upload capabilities where possible.
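
One way to restrict uploads in front of an affected control room, as an added example (not IBM's or Automation Anywhere's code): it applies an extension allow-list, inspects the leading bytes so an innocuously named executable is still rejected, and re-checks files already stored. The allow-list contents, function names and sample files are assumptions.

```python
import os
import tempfile
from pathlib import Path

# Assumed policy: the page does not list the types the control room needs.
ALLOWED_EXTENSIONS = {".csv", ".txt", ".xml", ".pdf"}
# Leading bytes of content that the OS or an interpreter runs directly.
EXECUTABLE_MAGIC = {
    b"MZ": "Windows PE (exe/dll/scr)",
    b"\x7fELF": "ELF binary",
    b"#!": "script with interpreter line",
}


def check_upload(filename, head):
    """Return reasons to reject an upload; an empty list means accept."""
    reasons = []
    # Windows drops trailing dots and spaces, so "a.exe." opens as "a.exe".
    name = os.path.basename(filename.replace("\\", "/")).rstrip(". ").lower()
    ext = os.path.splitext(name)[1]
    if ext not in ALLOWED_EXTENSIONS:
        reasons.append(f"extension {ext or '(none)'} not on allow-list")
    # Judge the bytes too: an innocuous name must not hide runnable content.
    for magic, label in EXECUTABLE_MAGIC.items():
        if head.startswith(magic):
            reasons.append(f"content is {label}")
    return reasons


def audit_directory(root):
    """Re-check files already stored under root; return {relative path: reasons}."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            with path.open("rb") as fh:
                reasons = check_upload(path.name, fh.read(8))
            if reasons:
                findings[str(path.relative_to(root))] = reasons
    return findings


if __name__ == "__main__":
    # Constructed sample files, not taken from the advisory.
    samples = {"report.csv": b"id,name\n1,a\n", "invoice.pdf": b"MZ\x90\x00", "tool.exe": b"MZ\x90\x00"}
    with tempfile.TemporaryDirectory() as root:
        for fname, data in samples.items():
            Path(root, fname).write_bytes(data)
        for path, reasons in audit_directory(root).items():
            print(path, "->", "; ".join(reasons))
```

Run `check_upload` at upload time and `audit_directory` periodically over the stored repository, since files uploaded before the restriction was in place remain runnable.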

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

2
