Lucene search
IBM139A67D1A7CF26C7951131CEBD7B40AAF0F61FB26417A04ACB379116ACBAEFD7HistoryJun 28, 2019 - 11:50 a.m.
Security Bulletin: IBM Robotic Process Automation is vulnerable to LDAP Injection (CVE-2019-4297)
2019-06-2811:50:01
www.ibm.com
10
EPSS
0.001
Percentile
31.7%
Summary
IBM Robotic Process Automation is vulnerable to LDAP Injection.
Vulnerability Details
CVEID: CVE-2019-4297 DESCRIPTION: IBM Robotic Process Automation with Automation Anywhere could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability to make unauthorized queries or modify the LDAP content.
CVSS Base Score: 6.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/160761> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)
Affected Products and Versions
| Affected IBM Robotic Process Automation with Automation Anywhere | Affected Versions |
|---|---|
| IBM Robotic Process Automation with Automation Anywhere | 11.0 |
Remediation/Fixes
| Product | VRMF | APAR | Remediation / First Fix |
|---|---|---|---|
| IBM Robotic Process Automation with Automation Anywhere | 11.0.0.4 | JR60982 | IBM Robotic Process Automation with Automation Anywhere v11.0.0.5 |
Workarounds and Mitigations
None
Related
nvd
nvd
CVE-2019-4297
2019-07-01 15:15:12
cvelist
cvelist
CVE-2019-4297
2019-07-01 15:05:37
cve
cve
CVE-2019-4297
2019-07-01 15:15:12
prion
prion
Code injection
2019-07-01 15:15:00
EPSS
0.001
Percentile
31.7%
Related for 139A67D1A7CF26C7951131CEBD7B40AAF0F61FB26417A04ACB379116ACBAEFD7