Lucene search

K
cvelistIbmCVELIST:CVE-2019-4297
HistoryJul 01, 2019 - 3:05 p.m.

CVE-2019-4297

2019-07-0115:05:37
ibm
www.cve.org
4
ibm
rpa
ldap
injection
vulnerability

CVSS3

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

31.7%

IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability to make unauthorized queries or modify the LDAP content. IBM X-Force ID: 160761.

CNA Affected

[
  {
    "product": "Robotic Process Automation with Automation Anywhere",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "11"
      }
    ]
  }
]

CVSS3

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

31.7%

Related for CVELIST:CVE-2019-4297