CVE-2018-1552
https://notcve.org/view.php?id=CVE-2018-1552
IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0 allows a remote attacker to execute arbitrary code on the system, caused by a missing restriction on which file types can be uploaded to the control room. By uploading a malicious file and tricking a victim into running it, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 142889.
• http://www.ibm.com/support/docview.wss?uid=swg22016247
• https://exchange.xforce.ibmcloud.com/vulnerabilities/142889
• CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2018-1795
https://notcve.org/view.php?id=CVE-2018-1795
IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 149073.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/149073
• https://www.ibm.com/support/docview.wss?uid=ibm10730615
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-1812
https://notcve.org/view.php?id=CVE-2018-1812
IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to persistent cross-site scripting, caused by missing escaping of a database field. An attacker that has access to the Control Room database could exploit this vulnerability to execute script in a victim's web browser within the security context of the hosting Web site, once the victim opens a certain page in Control Room. IBM X-Force ID: 149883.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/149883
• https://www.ibm.com/support/docview.wss?uid=ibm10731925
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-1514
https://notcve.org/view.php?id=CVE-2018-1514
IBM Robotic Process Automation with Automation Anywhere 10.0 is vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 141622.
• http://www.ibm.com/support/docview.wss?uid=swg22016099
• https://exchange.xforce.ibmcloud.com/vulnerabilities/141622
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2018-1547
https://notcve.org/view.php?id=CVE-2018-1547
IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in a CSV export. By persuading a victim to download the CSV export, to open it in Microsoft Excel and to confirm the two security questions, an attacker could exploit this vulnerability to run any command or program on the victim's machine. IBM X-Force ID: 142651.
• http://www.ibm.com/support/docview.wss?uid=swg22016197
• http://www.securityfocus.com/bid/104469
• https://exchange.xforce.ibmcloud.com/vulnerabilities/142651