CyberSec.Space Logo
返回 CVE 浏览器

CVE-2018-1547

HIGH
8.0
CVSS Severity Score
EPSS Score0.0680%
EPSS Percentile3.03th
Published2018年6月7日
Last Modified2024年11月21日

Vulnerability Description

IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in an CSV export. By persuading a victim to download the CSV export, to open it in Microsoft Excel and to confirm the two security questions, an attacker could exploit this vulnerability to run any command or program on the victim's machine. IBM X-Force ID: 142651.

Affected Platforms (CPE)

📦
Ibm

Robotic Process Automation With Automation Anywhere

= 10.0

References & Advisories

🔗 http://www.ibm.com/support/docview.wss?uid=swg22016197
🔗 http://www.securityfocus.com/bid/104469
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/142651
🔗 http://www.ibm.com/support/docview.wss?uid=swg22016197
🔗 http://www.securityfocus.com/bid/104469
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/142651

相关漏洞威胁

CVE-2019-43369.8

IBM Robotic Process Automation with Automation Anywhere 11 uses an inadequate account lockout setting that could allow a remote at...

CVE-2019-42987.1

IBM Robotic Process Automation with Automation Anywhere 11 uses a high privileged PostgreSQL account for database access which cou...

CVE-2020-49016.5

IBM Robotic Process Automation with Automation Anywhere 11.0 could allow an attacker on the network to obtain sensitive informatio...

CVE-2018-18766.2

IBM Robotic Process Automation with Automation Anywhere 11 could under certain cases, display the password in a Control Room log f...