Vulnerabilities > CVE-2018-1547 - Unspecified vulnerability in IBM Robotic Process Automation With Automation Anywhere 10.0

CVSS 5.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

high complexity

ibm

NVD

Published: 2018-06-07

Updated: 2019-10-09

Summary

IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in an CSV export. By persuading a victim to download the CSV export, to open it in Microsoft Excel and to confirm the two security questions, an attacker could exploit this vulnerability to run any command or program on the victim's machine. IBM X-Force ID: 142651.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Robotic Process Automation With Automation Anywhere 10.0	1

References

http://www.ibm.com/support/docview.wss?uid=swg22016197
http://www.securityfocus.com/bid/104469
https://exchange.xforce.ibmcloud.com/vulnerabilities/142651