CVSS: 8.0EPSS: 1%CPEs: 1EXPL: 0CVE-2018-1547
https://notcve.org/view.php?id=CVE-2018-1547
07 Jun 2018 — IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in an CSV export. By persuading a victim to download the CSV export, to open it in Microsoft Excel and to confirm the two security questions, an attacker could exploit this vulnerability to run any command or program on the victim's machine. IBM X-Force ID: 142651. IBM Robotic Process Automation with Automation Anywhere 10.0 podría permitir qu... • http://www.ibm.com/support/docview.wss?uid=swg22016197 •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1751
https://notcve.org/view.php?id=CVE-2017-1751
20 Dec 2017 — IBM Robotic Process Automation with Automation Anywhere 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 135546. IBM Robotic Process Automation with Automation Anywhere 10.0.0 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la int... • http://www.ibm.com/support/docview.wss?uid=swg22011185 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •