CyberSec.Space Logo
Back to CVE Browser

CVE-2018-1547

HIGH
8.0
CVSS Severity Score
EPSS Score0.0680%
EPSS Percentile3.03th
PublishedJun 7, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in an CSV export. By persuading a victim to download the CSV export, to open it in Microsoft Excel and to confirm the two security questions, an attacker could exploit this vulnerability to run any command or program on the victim's machine. IBM X-Force ID: 142651.

Affected Platforms (CPE)

πŸ“¦
Ibm

Robotic Process Automation With Automation Anywhere

= 10.0

References & Advisories

πŸ”— http://www.ibm.com/support/docview.wss?uid=swg22016197
πŸ”— http://www.securityfocus.com/bid/104469
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/142651
πŸ”— http://www.ibm.com/support/docview.wss?uid=swg22016197
πŸ”— http://www.securityfocus.com/bid/104469
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/142651

Related Vulnerabilities

CVE-2019-43369.8

IBM Robotic Process Automation with Automation Anywhere 11 uses an inadequate account lockout setting that could allow a remote at...

CVE-2019-42987.1

IBM Robotic Process Automation with Automation Anywhere 11 uses a high privileged PostgreSQL account for database access which cou...

CVE-2020-49016.5

IBM Robotic Process Automation with Automation Anywhere 11.0 could allow an attacker on the network to obtain sensitive informatio...

CVE-2018-18766.2

IBM Robotic Process Automation with Automation Anywhere 11 could under certain cases, display the password in a Control Room log f...