CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

IBM Robotic Process Automation with Automation Anywhere 11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152671.
• http://www.ibm.com/support/docview.wss?uid=ibm10739253
• http://www.securityfocus.com/bid/107431
• https://exchange.xforce.ibmcloud.com/vulnerabilities/152671
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to upload arbitrary files to the system. IBM X-Force ID: 155008.
• http://www.securityfocus.com/bid/107122
• https://exchange.xforce.ibmcloud.com/vulnerabilities/155008
• https://www.ibm.com/support/docview.wss?uid=ibm10794133
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0 allows a remote attacker to execute arbitrary code on the system, caused by a missing restriction on which file types can be uploaded to the control room. By uploading a malicious file and tricking a victim into running it, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 142889.
• http://www.ibm.com/support/docview.wss?uid=swg22016247
• https://exchange.xforce.ibmcloud.com/vulnerabilities/142889
• CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

IBM Robotic Process Automation with Automation Anywhere 11 could disclose sensitive information in a web request that could aid in future attacks against the system. IBM X-Force ID: 151714.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/151714
• https://www.ibm.com/support/docview.wss?uid=ibm10735977
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

IBM Robotic Process Automation with Automation Anywhere 11 could, under certain cases, display the password in a Control Room log file after installation. IBM X-Force ID: 151707.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/151707
• https://www.ibm.com/support/docview.wss?uid=ibm10735967
• CWE-532: Insertion of Sensitive Information into Log File