Orchestrator
by Uipath
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-17305 | Hig | 0.57 | 8.8 | 0.02 | Apr 11, 2019 | UiPath Orchestrator through 2018.2.4 allows any authenticated user to change the information of arbitrary users (even administrators) leading to privilege escalation and remote code execution. | ||
| CVE-2018-19855 | Med | 0.36 | 5.5 | 0.01 | Aug 8, 2019 | UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to the Audit export, Robot log export, and Transaction log export features. |
- risk 0.57cvss 8.8epss 0.02
UiPath Orchestrator through 2018.2.4 allows any authenticated user to change the information of arbitrary users (even administrators) leading to privilege escalation and remote code execution.
- risk 0.36cvss 5.5epss 0.01
UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to the Audit export, Robot log export, and Transaction log export features.