CVE-2018-1547: Improper Encoding or Escaping of Output in IBM Robotic Process Automation With Automation Anywhere

4 documents, 4 sources
Severity
7.7 HIGH (NVD)
8.0 (CNA)
EPSS
1.2%
top 20.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 7
Latest update: May 13

Description

IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in a CSV export. By persuading a victim to download the CSV export, to open it in Microsoft Excel and to confirm the two security questions, an attacker could exploit this vulnerability to run any command or program on the victim's machine. IBM X-Force ID: 142651.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Exploitability: 1.0 | Impact: 6.0

Patches

🔴Vulnerability Details

2
GHSA
GHSA-2hgx-m265-x6jf: IBM Robotic Process Automation with Automation Anywhere 10 (2022-05-13)
CVEList
CVE-2018-1547: IBM Robotic Process Automation with Automation Anywhere 10 (2018-06-07)

💬Community

1
Bugzilla
CVE-2018-19387 tmux: NULL Pointer Dereference in format_cb_pane_tabs in format.c (2018-11-21)