Remote Code Execution Vulnerability in IBM Robotic Process Automation
CVE-2018-1547

8HIGH

Key Information:

Vendor

IBM
Status
Robotic Process Automation With Automation Anywhere
Vendor
CVE Published:
7 June 2018

What is CVE-2018-1547?

A vulnerability in IBM Robotic Process Automation with Automation Anywhere 10.0 allows remote attackers to execute arbitrary code by exploiting improper output encoding during CSV exports. Attackers can lure victims into downloading the malicious CSV file, prompting them to open it in Microsoft Excel. By confirming two security questions, they can execute commands or run programs on the victim's machine without their consent. Organizations using this software must ensure their systems are patched to mitigate potential risks.

Affected Version(s)

Robotic Process Automation with Automation Anywhere 10.0

References

http://www.securityfocus.com/bid/104469
vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/142651
vdb-entryx_refsource_XF
http://www.ibm.com/support/docview.wss?uid=swg22016197
x_refsource_CONFIRM

CVSS V3.1

Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.