Username Enumeration Vulnerability in IBM Robotic Process Automation
CVE-2020-4901

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Robotic Process Automation With Automation Anywhere
Vendor: CVE Published:; 7 May 2021

Summary

IBM Robotic Process Automation with Automation Anywhere 11.0 is susceptible to a vulnerability that enables attackers within the network to perform username enumeration attacks. This could allow unauthorized users to gather sensitive information or potentially disrupt services by causing a denial of service. To mitigate risks, it’s crucial for organizations to implement security measures that detect and prevent such enumeration attempts. For more detailed information, please refer to IBM's official documentation and vulnerability tracking resources.

Affected Version(s)

Robotic Process Automation with Automation Anywhere 11.0

References

https://www.ibm.com/support/pages/node/6450435

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/190992

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 7, 2021
Vulnerability Reserved
Dec 30, 2019