IBM Robotic Process Automation with Automation Anywhere is vulnerable to a cross-site scripting vulnerability
CVEID: CVE-2018-1812 DESCRIPTION: IBM Robotic Process Automation with Automation Anywhere Enterprise is vulnerable to persistent cross-site scripting, caused by missing escaping of a database field. An attacker that has access to the Control Room database could exploit this vulnerability to execute script in a victimβs web browser within the security context of the hosting Web site, once victim opens a certain page in Control Room.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/149883> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
The recommended solution is to apply the interim fix containing APAR JR59977 as soon as practical:
None