Vendor
Automation Anywhere
Products
1
CVEs
3
Across products
3
Status
Private
Products
1- 3 CVEs
Recent CVEs
3| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-41226 | Hig | 0.51 | 7.8 | 0.01 | Aug 6, 2024 | A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers to execute arbitrary code via a crafted payload. NOTE: Automation Anywhere disputes this report, arguing the attacker executes everything from the client side and does not attack… | ||
| CVE-2022-29856 | Hig | 0.49 | 7.5 | 0.02 | Apr 29, 2022 | A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA packages. | ||
| CVE-2024-6922 | Med | 0.47 | — | 0.30 | Jul 26, 2024 | Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web API component. An attacker with unauthenticated access to the Automation 360 Control Room HTTPS service (port 443) or HTTP service (port 80) can trigger arbitrary web requests from… |
- risk 0.51cvss 7.8epss 0.01
A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers to execute arbitrary code via a crafted payload. NOTE: Automation Anywhere disputes this report, arguing the attacker executes everything from the client side and does not attack…
- risk 0.49cvss 7.5epss 0.02
A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA packages.
- risk 0.47cvss —epss 0.30
Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web API component. An attacker with unauthenticated access to the Automation 360 Control Room HTTPS service (port 443) or HTTP service (port 80) can trigger arbitrary web requests from…