Vulnerabilities > CVE-2018-19855 - Improper Neutralization of Formula Elements in a CSV File vulnerability in Uipath Orchestrator

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

NVD

Published: 2019-08-08

Updated: 2020-08-24

Summary

UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to the Audit export, Robot log export, and Transaction log export features.

Part	Description	Count
Application	Uipath Uipath Orchestrator 2016.2 Uipath Orchestrator 2016.2.6192 Uipath Orchestrator 2016.2.6232 Uipath Orchestrator 2016.2.6274 Uipath Orchestrator 2016.2.6302 Uipath Orchestrator 2016.2.6344 Uipath Orchestrator 2016.2.6379 Uipath Orchestrator 2016.2.6393 Uipath Orchestrator 2016.2.6442 Uipath Orchestrator 2016.2.6655 Uipath Orchestrator 2017.1.6435 Uipath Orchestrator 2017.1.6522 Uipath Orchestrator 2017.1.6547 Uipath Orchestrator 2017.1.6612 Uipath Orchestrator 2017.1.6656 Uipath Orchestrator 2017.1.6682 Uipath Orchestrator 2018.1 Uipath Orchestrator 2018.1.1 Uipath Orchestrator 2018.1.2 Uipath Orchestrator 2018.1.3 Uipath Orchestrator 2018.1.4 Uipath Orchestrator 2018.1.5 Uipath Orchestrator 2018.1.6 Uipath Orchestrator 2018.1.7 Uipath Orchestrator 2018.2 Uipath Orchestrator 2018.2.2 Uipath Orchestrator 2018.2.3 Uipath Orchestrator 2018.2.4 Uipath Orchestrator 2018.2.6 Uipath Orchestrator 2018.3.1 Uipath Orchestrator 2018.3.2	32