Lucene search

IbmCVELIST:CVE-2018-1547

HistoryMay 30, 2018 - 12:00 a.m.

CVE-2018-1547

2018-05-3000:00:00

ibm

www.cve.org

8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C

0.007 Low

EPSS

Percentile

80.8%

JSON

IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in an CSV export. By persuading a victim to download the CSV export, to open it in Microsoft Excel and to confirm the two security questions, an attacker could exploit this vulnerability to run any command or program on the victim’s machine. IBM X-Force ID: 142651.

CNA Affected

[
  {
    "product": "Robotic Process Automation with Automation Anywhere",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "10.0"
      }
    ]
  }
]

References

www.ibm.com/support/docview.wss?uid=swg22016197

www.securityfocus.com/bid/104469

exchange.xforce.ibmcloud.com/vulnerabilities/142651

8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C

0.007 Low

EPSS

Percentile

80.8%

JSON

Related for CVELIST:CVE-2018-1547