Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM8AAACE4B8576E759E07E007A6C62A6C7EADF6433E09CA81BDF0E3614C86C7DF0
HistoryMar 02, 2022 - 4:40 p.m.

Security Bulletin: Multiple vulnerabilities may affect IBM Robotic Process Automation

2022-03-0216:40:15
www.ibm.com
54

0.081 Low

EPSS

Percentile

94.3%

JSON

Summary

Multiple vulnerabilities in IBM Robotic Process Automation

Vulnerability Details

CVEID:CVE-2021-26701
**DESCRIPTION:**Microsoft .NET Core and Visual Studio could allow a remote attacker to execute arbitrary code on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196358 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2019-8331
**DESCRIPTION:**Bootstrap is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the tooltip or popover data-template. A remote attacker could exploit this vulnerability to execute script in a victim’s Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/157409 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Robotic Process Automation < 21.0.1

Remediation/Fixes

Product Remediation/First fix
IBM Robotic Process Automation 21.0.1

Workarounds and Mitigations

None, IBM Robotic Process Automation 21.0.1 or higher must be applied to correct the problem.

Related

oraclelinux 6
altlinux 8
cvelist 3
archlinux 4
fedora 6
nessus 50
cve 3
mscve 1
thn 2
redhat 21
paloalto 1
redhatcve 2
osv 10
openvas 7
ibm 22
prion 3
almalinux 5
veracode 2
nvd 3
github 5
githubexploit 1
ubuntucve 1
debiancve 1
typo3 1
f5 1
gitlab 1
nodejs 1
hackerone 2
freebsd 1
laminas 1
jvn 1
kaspersky 1
malwarebytes 1
ics 1
centos 1
rocky 2
amazon 1
threatpost 1
rapid7blog 1
oracle 1
oraclelinux
oraclelinux
dotnet security and bugfix update
2021-03-10 00:00:00
.NET Core on OL 8 security and bugfix update
2021-03-11 00:00:00
dotnet3.1 security and bugfix update
2021-03-10 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package dotnet-runtime-7.0 version 5.0.5-alt1
2021-04-17 00:00:00
Security fix for the ALT Linux 9 package dotnet-bootstrap-5.0 version 5.0.5-alt1
2021-04-17 00:00:00
Security fix for the ALT Linux 9 package dotnet-bootstrap-3.1 version 3.1.14-alt1
2021-04-17 00:00:00
cvelist
cvelist
CVE-2021-26701 .NET Core Remote Code Execution Vulnerability
2021-02-25 23:02:00
CVE-2019-8331
2019-02-20 16:00:00
CVE-2023-32711 Persistent Cross-Site Scripting (XSS) through a URL Validation Bypass within a Dashboard View
2023-06-01 16:34:27
archlinux
archlinux
[ASA-202103-23] dotnet-sdk-3.1: arbitrary code execution
2021-03-25 00:00:00
[ASA-202103-22] dotnet-runtime-3.1: arbitrary code execution
2021-03-25 00:00:00
[ASA-202103-20] dotnet-runtime: arbitrary code execution
2021-03-25 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: dotnet3.1-3.1.113-1.fc33
2021-03-27 01:11:47
[SECURITY] Fedora 32 Update: dotnet3.1-3.1.113-1.fc32
2021-03-27 01:24:04
[SECURITY] Fedora 33 Update: dotnet5.0-5.0.104-1.fc33
2021-03-23 01:34:49
nessus
nessus
RHEL 7 : .NET Core 2.1 on Red Hat Enterprise Linux (RHSA-2021:0787)
2021-03-10 00:00:00
RHEL 8 : .NET Core on RHEL 8 (RHSA-2021:0793)
2021-03-10 00:00:00
RHEL 8 : dotnet (RHSA-2021:0788)
2021-03-10 00:00:00
cve
cve
CVE-2021-26701
2021-02-25 23:15:16
CVE-2019-8331
2019-02-20 16:29:00
CVE-2023-32711
2023-06-01 17:15:10
mscve
mscve
.NET Core Remote Code Execution Vulnerability
2021-02-09 08:00:00
thn
thn
Microsoft Urges Azure Users to Update PowerShell to Patch RCE Flaw
2021-07-05 06:42:00
Microsoft Issues Patches for In-the-Wild 0-day and 55 Others Windows Bugs
2021-02-10 04:44:00
redhat
redhat
(RHSA-2021:0787) Important: .NET Core 2.1 on Red Hat Enterprise Linux security and bugfix update
2021-03-09 19:43:26
(RHSA-2021:0790) Important: dotnet3.1 security and bugfix update
2021-03-09 19:46:05
(RHSA-2021:0793) Important: .NET Core on RHEL 8 security and bugfix update
2021-03-09 20:33:04
paloalto
paloalto
Informational: Impact of Microsoft PowerShell Vulnerability CVE-2021-26701 on Cortex XSOAR
2021-08-11 16:00:00
redhatcve
redhatcve
CVE-2021-26701
2021-03-01 15:40:09
CVE-2019-8331
2020-01-04 09:44:24
osv
osv
BIT-dotnet-2021-26701
2024-03-06 10:59:50
BIT-dotnet-sdk-2021-26701
2024-03-06 11:00:00
Bootstrap Vulnerable to Cross-Site Scripting
2019-02-22 20:54:47
openvas
openvas
Fedora: Security Advisory for dotnet3.1 (FEDORA-2021-3da33cdc80)
2021-03-27 00:00:00
Fedora: Security Advisory for dotnet5.0 (FEDORA-2021-1b22f31541)
2021-03-24 00:00:00
Fedora: Security Advisory for dotnet3.1 (FEDORA-2021-265a3c7cb9)
2021-03-27 00:00:00
ibm
ibm
Security Bulletin: Vulnerability of System.Text.Encodings.Web.4.5.0 .dll has afftected to .NET Agent
2023-07-11 11:31:57
Security Bulletin: Vulnerability in Microsoft .NET Core and Visual Studio affects IBM Process Mining . CVE-2021-26701
2023-02-01 20:04:18
Security Bulletin: IBM API Connect Developer Portal is affected by a cross site scripting vulnerability in Bootstrap (CVE-2019-8331)
2019-04-04 14:55:02
prion
prion
Remote code execution
2021-02-25 23:15:00
Design/Logic Flaw
2019-02-20 16:29:00
Cross site scripting
2023-06-01 17:15:00
almalinux
almalinux
Important: .NET Core on RHEL 8 security and bugfix update
2021-03-09 20:33:04
Important: dotnet3.1 security and bugfix update
2021-03-09 19:46:05
Important: dotnet security and bugfix update
2021-03-09 19:44:45
veracode
veracode
Remote Code Execution
2021-04-14 03:10:39
Cross-site Scripting (XSS)
2019-02-14 08:50:01
nvd
nvd
CVE-2021-26701
2021-02-25 23:15:16
CVE-2019-8331
2019-02-20 16:29:00
CVE-2023-32711
2023-06-01 17:15:10
github
github
Moderate severity vulnerability that affects bootstrap and bootstrap-sass
2019-02-22 20:54:27
Moderate severity vulnerability that affects Bootstrap.Less, bootstrap, and bootstrap.sass
2019-02-22 20:54:40
Bootstrap Vulnerable to Cross-Site Scripting
2019-02-22 20:54:47
githubexploit
githubexploit
Exploit for Cross-site Scripting in Getbootstrap Bootstrap
2020-12-01 09:18:58
ubuntucve
ubuntucve
CVE-2019-8331
2019-02-20 00:00:00
debiancve
debiancve
CVE-2019-8331
2019-02-20 16:29:00
typo3
typo3
Cross-Site Scripting in Bootstrap CSS toolkit before 3.4.1 and 4.3.0
2019-05-07 00:00:00
f5
f5
K24383845 : Bootstrap vulnerability CVE-2019-8331
2019-04-10 00:00:00
gitlab
gitlab
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
2019-02-20 00:00:00
nodejs
nodejs
Cross-Site Scripting
2019-05-22 18:03:13
hackerone
hackerone
Sifchain: Cross-site Scripting (XSS) possible at https://sifchain.finance// via CVE-2019-8331 exploitation
2021-06-05 15:52:39
Sifchain: Vulnerable javascript dependency at Main domain
2021-05-07 20:48:11
freebsd
freebsd
mantis -- multiple vulnerabilities
2019-08-28 00:00:00
laminas
laminas
XSS vectors in laminas-api-tools/api-tools
2020-04-01 21:30:00
jvn
jvn
JVN#06527859: KinagaCMS vulnerable to cross-site scripting
2019-03-15 00:00:00
kaspersky
kaspersky
KLA12073 Multiple vulnerabilities in Microsoft Developer Tools
2021-02-09 00:00:00
malwarebytes
malwarebytes
Big Patch Tuesday: Microsoft and Adobe fix in-the-wild exploits
2021-02-10 17:26:33
ics
ics
Mitsubishi Electric EcoWebServerIII
2022-02-24 12:00:00
centos
centos
ipa, python2 security update
2020-10-20 18:15:27
rocky
rocky
idm:DL1 and idm:client security, bug fix, and enhancement update
2020-11-03 12:25:36
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
2020-11-03 12:29:58
amazon
amazon
Medium: ipa
2020-10-22 17:40:00
threatpost
threatpost
Actively Exploited Windows Kernel Bug Allows Takeover
2021-02-09 22:33:08
rapid7blog
rapid7blog
Patch Tuesday - February 2021
2021-02-09 23:51:27
oracle
oracle
Oracle Critical Patch Update Advisory - April 2021
2021-04-20 00:00:00

0.081 Low

EPSS

Percentile

94.3%

JSON
Related for 8AAACE4B8576E759E07E007A6C62A6C7EADF6433E09CA81BDF0E3614C86C7DF0
oraclelinux6altlinux8cvelist3archlinux4fedora6nessus50cve3mscve1thn2redhat21paloalto1redhatcve2osv10openvas7ibm22prion3almalinux5veracode2nvd3github5githubexploit1ubuntucve1debiancve1typo31f51gitlab1nodejs1hackerone2freebsd1laminas1jvn1kaspersky1malwarebytes1ics1centos1rocky2amazon1threatpost1rapid7blog1oracle1