CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1908
https://notcve.org/view.php?id=CVE-2018-1908
14 Mar 2019 — IBM Robotic Process Automation with Automation Anywhere 11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152671. IBM Robotic Process Automation with Automation Anywhere 11 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de... • http://www.ibm.com/support/docview.wss?uid=ibm10739253 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2018-2006
https://notcve.org/view.php?id=CVE-2018-2006
21 Feb 2019 — IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to upload arbitrary files to the system. IBM X-Force ID: 155008. IBM Robotic Process Automation, en su versión "Automation Anywhere 11", podría permitir que un atacante remoto salte directorios en el sistema. Un atacante podría enviar una petición URL especialmente manipulada que contenga s... • http://www.securityfocus.com/bid/107122 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1876
https://notcve.org/view.php?id=CVE-2018-1876
02 Nov 2018 — IBM Robotic Process Automation with Automation Anywhere 11 could under certain cases, display the password in a Control Room log file after installation. IBM X-Force ID: 151707. En ciertas condiciones, IBM Robotic Process Automation with Automation Anywhere 11 podría mostrar la contraseña en un archivo de registro de Control Room tras la instalación. IBM X-Force ID: 151707. • https://exchange.xforce.ibmcloud.com/vulnerabilities/151707 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1878
https://notcve.org/view.php?id=CVE-2018-1878
02 Nov 2018 — IBM Robotic Process Automation with Automation Anywhere 11 could disclose sensitive information in a web request that could aid in future attacks against the system. IBM X-Force ID: 151714. IBM Robotic Process Automation with Automation Anywhere 11 podría divulgar información sensible en una petición web que podría ayudar en futuros ataques contra el sistema. IBM X-Force ID: 151714. • https://exchange.xforce.ibmcloud.com/vulnerabilities/151714 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1877
https://notcve.org/view.php?id=CVE-2018-1877
02 Nov 2018 — IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive information in the form of unencrypted passwords that would be available to a local user. IBM X-Force ID: 151713. IBM Robotic Process Automation with Automation Anywhere 11 podría almacenar información altamente en forma de contraseñas sin cifrar que estarían disponibles para un usuario local. IBM X-Force ID: 151713. • http://www.ibm.com/support/docview.wss?uid=ibm10735973 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1552
https://notcve.org/view.php?id=CVE-2018-1552
02 Nov 2018 — IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0 allows a remote attacker to execute arbitrary code on the system, caused by a missing restriction in which file types can be uploaded to the control room. By uploading a malicious file and tricking a victim to run it, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 142889. IBM Robotic Process Automation with Automation Anywhere 10.0 y 11.0 podría permitir que un atacante remoto ejecute... • http://www.ibm.com/support/docview.wss?uid=swg22016247 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1812
https://notcve.org/view.php?id=CVE-2018-1812
05 Oct 2018 — IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to persistent cross-site scripting, caused by missing escaping of a database field. An attacker that has access to the Control Room database could exploit this vulnerability to execute script in a victim's web browser within the security context of the hosting Web site, once victim opens a certain page in Control Room. IBM X-Force ID: 149883. IBM Robotic Process Automation with Automation Anywhere Enterprise 10 es vulnerable... • https://exchange.xforce.ibmcloud.com/vulnerabilities/149883 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1795
https://notcve.org/view.php?id=CVE-2018-1795
05 Oct 2018 — IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 149073. IBM Robotic Process Automation with Automation Anywhere Enterprise 10 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/149073 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.0EPSS: 1%CPEs: 1EXPL: 0CVE-2018-1547
https://notcve.org/view.php?id=CVE-2018-1547
07 Jun 2018 — IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in an CSV export. By persuading a victim to download the CSV export, to open it in Microsoft Excel and to confirm the two security questions, an attacker could exploit this vulnerability to run any command or program on the victim's machine. IBM X-Force ID: 142651. IBM Robotic Process Automation with Automation Anywhere 10.0 podría permitir qu... • http://www.ibm.com/support/docview.wss?uid=swg22016197 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1514
https://notcve.org/view.php?id=CVE-2018-1514
07 Jun 2018 — IBM Robotic Process Automation with Automation Anywhere 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 141622. IBM Robotic Process Automation with Automation Anywhere 10.0 es vulnerable a ataques de tipo Cross-Site Request Forgery (CSRF). Esto podría permitir que un atacante ejecute acciones maliciosas y no autorizadas transmitidas desde un usuario en el que la web c... • http://www.ibm.com/support/docview.wss?uid=swg22016099 • CWE-352: Cross-Site Request Forgery (CSRF) •