Directory Traversal Vulnerability in IBM Robotic Process Automation by IBM
CVE-2018-2006
4.9MEDIUM
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 19 February 2019
Summary
IBM Robotic Process Automation with Automation Anywhere 11 is susceptible to a directory traversal vulnerability. By crafting a malicious URL that includes directory traversal sequences (e.g., /../), an attacker could gain unauthorized access to various directories on the system. This exploitation may allow the attacker to upload arbitrary files, potentially compromising the integrity and confidentiality of the system. Security measures should be taken to mitigate this risk and protect sensitive data.
Affected Version(s)
Robotic Process Automation with Automation Anywhere 11
References
CVSS V3.1
Score:
4.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved