CVE-2018-1812
https://notcve.org/view.php?id=CVE-2018-1812
IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to persistent cross-site scripting, caused by missing escaping of a database field. An attacker who has access to the Control Room database could exploit this vulnerability to execute script in a victim's web browser within the security context of the hosting web site, once the victim opens a certain page in Control Room. IBM X-Force ID: 149883.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/149883 https://www.ibm.com/support/docview.wss?uid=ibm10731925
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-1514
https://notcve.org/view.php?id=CVE-2018-1514
IBM Robotic Process Automation with Automation Anywhere 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 141622.
• http://www.ibm.com/support/docview.wss?uid=swg22016099 https://exchange.xforce.ibmcloud.com/vulnerabilities/141622
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2018-1547
https://notcve.org/view.php?id=CVE-2018-1547
IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in a CSV export. By persuading a victim to download the CSV export, to open it in Microsoft Excel and to confirm the two security questions, an attacker could exploit this vulnerability to run any command or program on the victim's machine. IBM X-Force ID: 142651.
• http://www.ibm.com/support/docview.wss?uid=swg22016197 http://www.securityfocus.com/bid/104469 https://exchange.xforce.ibmcloud.com/vulnerabilities/142651
CVE-2017-1751
https://notcve.org/view.php?id=CVE-2017-1751
IBM Robotic Process Automation with Automation Anywhere 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 135546.
• http://www.ibm.com/support/docview.wss?uid=swg22011185 http://www.securityfocus.com/bid/102217 https://exchange.xforce.ibmcloud.com/vulnerabilities/135546
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')