CVE-2018-1547

8HIGH

Key Information:

Vendor
IBM
Status
Robotic Process Automation With Automation Anywhere
Vendor
CVE Published:
7 June 2018

Summary

IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in an CSV export. By persuading a victim to download the CSV export, to open it in Microsoft Excel and to confirm the two security questions, an attacker could exploit this vulnerability to run any command or program on the victim's machine. IBM X-Force ID: 142651.

Affected Version(s)

Robotic Process Automation with Automation Anywhere 10.0

References

http://www.securityfocus.com/bid/104469
vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/142651
vdb-entryx_refsource_XF
http://www.ibm.com/support/docview.wss?uid=swg22016197
x_refsource_CONFIRM

CVSS V3.1

Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.