CVE-2018-1908
https://notcve.org/view.php?id=CVE-2018-1908
IBM Robotic Process Automation with Automation Anywhere 11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152671.
• http://www.ibm.com/support/docview.wss?uid=ibm10739253
• http://www.securityfocus.com/bid/107431
• https://exchange.xforce.ibmcloud.com/vulnerabilities/152671
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-2006
https://notcve.org/view.php?id=CVE-2018-2006
IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to upload arbitrary files to the system. IBM X-Force ID: 155008.
• http://www.securityfocus.com/bid/107122
• https://exchange.xforce.ibmcloud.com/vulnerabilities/155008
• https://www.ibm.com/support/docview.wss?uid=ibm10794133
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-1878
https://notcve.org/view.php?id=CVE-2018-1878
IBM Robotic Process Automation with Automation Anywhere 11 could disclose sensitive information in a web request that could aid in future attacks against the system. IBM X-Force ID: 151714.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/151714
• https://www.ibm.com/support/docview.wss?uid=ibm10735977
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-1876
https://notcve.org/view.php?id=CVE-2018-1876
IBM Robotic Process Automation with Automation Anywhere 11 could, under certain cases, display the password in a Control Room log file after installation. IBM X-Force ID: 151707.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/151707
• https://www.ibm.com/support/docview.wss?uid=ibm10735967
• CWE-532: Insertion of Sensitive Information into Log File
CVE-2018-1877
https://notcve.org/view.php?id=CVE-2018-1877
IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive information in the form of unencrypted passwords that would be available to a local user. IBM X-Force ID: 151713.
• http://www.ibm.com/support/docview.wss?uid=ibm10735973
• https://exchange.xforce.ibmcloud.com/vulnerabilities/151713
• CWE-312: Cleartext Storage of Sensitive Information