IBM Robotic Process Automation is vulnerable to LDAP Injection.
CVEID: CVE-2019-4297 DESCRIPTION: IBM Robotic Process Automation with Automation Anywhere could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability to make unauthorized queries or modify the LDAP content.
CVSS Base Score: 6.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/160761> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)
Affected IBM Robotic Process Automation with Automation Anywhere | Affected Versions |
---|---|
IBM Robotic Process Automation with Automation Anywhere | 11.0 |
Product | VRMF | APAR | Remediation / First Fix |
---|---|---|---|
IBM Robotic Process Automation with Automation Anywhere | 11.0.0.4 | JR60982 | IBM Robotic Process Automation with Automation Anywhere v11.0.0.5 |
None