Automationanywhere Automation 360 vulnerabilities
3 known vulnerabilities affecting automationanywhere/automation_360.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2024-6922P2MEDIUMCVSS 6.9PoC≥ 21, ≤ 322024-07-26
CVE-2024-6922 [MEDIUM] CWE-918 CVE-2024-6922: Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web API
Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web API component. An attacker with unauthenticated access to the Automation 360 Control Room HTTPS service (port 443) or HTTP service (port 80) can trigger arbitrary web requests from the server.
nvd
CVE-2022-29856P3HIGHCVSS 7.5v222022-04-29
CVE-2022-29856 [HIGH] CWE-798 CVE-2022-29856: A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA package
A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA packages.
nvd
CVE-2024-41226P3HIGHCVSS 7.8v210942024-08-06
CVE-2024-41226 [HIGH] CWE-1236 CVE-2024-41226: A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers t
A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers to execute arbitrary code via a crafted payload. NOTE: Automation Anywhere disputes this report, arguing the attacker executes everything from the client side and does not attack the Control Room. The payload is being injected in the http Response from
nvd