IBM Robotic Process Automation with Automation Anywhere is vulnerable to directory traversal
CVEID: CVE-2018-2006 DESCRIPTION: IBM Robotic Process Automation with Automation Anywhere could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing βdot dotβ sequences (/β¦/) to upload arbitrary files to the system.
CVSS Base Score: 4.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155008> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N)
IBM Robotic Process Automation with Automation Anywhere | Affected Versions |
---|---|
IBM Robotic Process Automation with Automation Anywhere | 11.0 |
Product | VRMF | APAR | Remediation / First Fix |
---|---|---|---|
IBM Robotic Process Automation with Automation Anywhere | 11.0.0.4 | JR60391 | IBM Robotic Process Automation with Automation Anywhere v11.0.0.4 ifix 001 |
None