IBM RPA with Automation Anywhere is vulnerable to cross-site scripting.
CVEID**:** CVE-2017-1751**
DESCRIPTION:** IBM Robotic Process Automation with Automation Anywhere is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 6.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135546> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
- IBM Robotic Process Automation with Automation Anywhere V10.0.0.0
The recommended solution is to apply the cumulative fix containing APAR JR58759 as soon as practical:
- IBM Robotic Process Automation with Automation Anywhere
None