Robotic Process Automation with Automation Anywhere
by IBM
CVEs (15)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-1751 | | Med | 0.35 | 5.4 | 0.00 | | Dec 20, 2017 | IBM Robotic Process Automation with Automation Anywhere 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a… |
| CVE-2019-4337 | | | 0.00 | — | 0.00 | | Jul 1, 2019 | IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker to obtain sensitive information due to missing authentication in Ignite nodes. IBM X-Force ID: 161412. |
| CVE-2019-4299 | | | 0.00 | — | 0.00 | | Jul 1, 2019 | IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive information from log files when debugging is enabled. IBM X-Force ID: 160765. |
| CVE-2019-4298 | | | 0.00 | — | 0.00 | | Jul 1, 2019 | IBM Robotic Process Automation with Automation Anywhere 11 uses a high privileged PostgreSQL account for database access which could allow a local user to perform actions they should not have privileges to execute. IBM X-Force ID: 160764. |
| CVE-2019-4297 | | | 0.00 | — | 0.00 | | Jul 1, 2019 | IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability to make unauthorized queries or modify the LDAP content. IBM… |
| CVE-2019-4296 | | | 0.00 | — | 0.00 | | Jul 1, 2019 | IBM Robotic Process Automation with Automation Anywhere 11 information disclosure could allow a local user to obtain e-mail contents from the client debug log file. IBM X-Force ID: 160759. |
| CVE-2019-4295 | | | 0.00 | — | 0.00 | | Jul 1, 2019 | IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker with specialized access to obtain highly sensitive information from the credential vault. IBM X-Force ID: 160758. |
| CVE-2018-1908 | | | 0.00 | — | 0.00 | | Mar 14, 2019 | IBM Robotic Process Automation with Automation Anywhere 11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a… |
| CVE-2018-2006 | | | 0.00 | — | 0.00 | | Feb 21, 2019 | IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to upload arbitrary files to the system. IBM X-Force ID:… |
| CVE-2018-1877 | | | 0.00 | — | 0.00 | | Nov 2, 2018 | IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive information in the form of unencrypted passwords that would be available to a local user. IBM X-Force ID: 151713. |
| CVE-2018-1552 | | | 0.00 | — | 0.02 | | Nov 2, 2018 | IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0 allows a remote attacker to execute arbitrary code on the system, caused by a missing restriction in which file types can be uploaded to the control room. By uploading a malicious file and tricking a victim to… |
| CVE-2018-1876 | | | 0.00 | — | 0.00 | | Nov 2, 2018 | IBM Robotic Process Automation with Automation Anywhere 11 could, under certain cases, display the password in a Control Room log file after installation. IBM X-Force ID: 151707. |
| CVE-2018-1878 | | | 0.00 | — | 0.00 | | Nov 2, 2018 | IBM Robotic Process Automation with Automation Anywhere 11 could disclose sensitive information in a web request that could aid in future attacks against the system. IBM X-Force ID: 151714. |
| CVE-2018-1514 | | | 0.00 | — | 0.00 | | Jun 7, 2018 | IBM Robotic Process Automation with Automation Anywhere 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 141622. |
| CVE-2018-1547 | | | 0.00 | — | 0.01 | | Jun 7, 2018 | IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in a CSV export. By persuading a victim to download the CSV export, to open it in Microsoft Excel and to… |