Directory Traversal Vulnerability in IBM Robotic Process Automation by IBM
CVE-2018-2006

4.9MEDIUM

Key Information:

Vendor

IBM
Status
Robotic Process Automation With Automation Anywhere
Vendor
CVE Published:
19 February 2019

What is CVE-2018-2006?

IBM Robotic Process Automation with Automation Anywhere 11 is susceptible to a directory traversal vulnerability. By crafting a malicious URL that includes directory traversal sequences (e.g., /../), an attacker could gain unauthorized access to various directories on the system. This exploitation may allow the attacker to upload arbitrary files, potentially compromising the integrity and confidentiality of the system. Security measures should be taken to mitigate this risk and protect sensitive data.

Affected Version(s)

Robotic Process Automation with Automation Anywhere 11

References

http://www.securityfocus.com/bid/107122
vdb-entryx_refsource_BID
https://www.ibm.com/support/docview.wss?uid=ibm10794133
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/155008
vdb-entryx_refsource_XF

CVSS V3.1

Score:
4.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.