IBM Robotic Process Automation with Automation Anywhere is vulnerable to a remote code execution vulnerability
CVEID: CVE-2018-1552 DESCRIPTION: IBM Robotic Process Automation with Automation Anywhere allows a remote attacker to execute arbitrary code on the system, caused by a missing restriction in which file types can be uploaded to the control room. By uploading a malicious file and tricking a victim to run it, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142889> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
Affected IBM Robotic Process Automation with Automation Anywhere | Affected Versions |
---|---|
IBM Robotic Process Automation with Automation Anywhere | 10.0, 11.0 |
Product | VRMF | APAR | Remediation / First Fix |
---|---|---|---|
IBM Robotic Process Automation with Automation Anywhere | 10.0.0.CF201803 | JR59512 | IBM Robotic Process Automation with Automation Anywhere v10.0.0.CF201803 |
IBM Robotic Process Automation with Automation Anywhere | 11.0.0.1 | JR59512 | IBM Robotic Process Automation with Automation Anywhere v11.0.0.2 |
None