Cross-Site Scripting Vulnerability in IBM Robotic Process Automation
CVE-2018-1908

5.4MEDIUM

Key Information:

Vendor
IBM
Status
Robotic Process Automation With Automation Anywhere
Vendor
CVE Published:
14 March 2019

Summary

IBM Robotic Process Automation with Automation Anywhere 11 contains a vulnerability that allows for the injection of arbitrary JavaScript code into the Web UI. This issue can be exploited by attackers to manipulate the site's behavior, potentially leading to the disclosure of sensitive information such as user credentials within a trusted session. This type of attack highlights the importance of secure coding practices and proper input validation in web applications.

Affected Version(s)

Robotic Process Automation with Automation Anywhere 11

References

http://www.ibm.com/support/docview.wss?uid=ibm10739253
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/152671
vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/107431
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.