Lucene search
IBM2971E22801C9CB1BAA5D6CB03D6143B85113A12209399A016E13EE2F56CF933EHistoryFeb 19, 2019 - 9:45 a.m.
Security Bulletin: Directory traversal vulnerability in IBM Robotic Process Automation with Automation Anywhere (CVE-2018-2006)
2019-02-1909:45:01
www.ibm.com
4
0.001 Low
EPSS
Percentile
46.3%
Summary
IBM Robotic Process Automation with Automation Anywhere is vulnerable to directory traversal
Vulnerability Details
CVEID: CVE-2018-2006 DESCRIPTION: IBM Robotic Process Automation with Automation Anywhere could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/…/) to upload arbitrary files to the system.
CVSS Base Score: 4.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155008> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N)
Affected Products and Versions
| IBM Robotic Process Automation with Automation Anywhere | Affected Versions |
|---|---|
| IBM Robotic Process Automation with Automation Anywhere | 11.0 |
Remediation/Fixes
| Product | VRMF | APAR | Remediation / First Fix |
|---|---|---|---|
| IBM Robotic Process Automation with Automation Anywhere | 11.0.0.4 | JR60391 | IBM Robotic Process Automation with Automation Anywhere v11.0.0.4 ifix 001 |
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm robotic process automation with automation anywhere | eq | 11.0 |
Related
cvelist
cvelist
CVE-2018-2006
2019-02-19 00:00:00
nvd
nvd
CVE-2018-2006
2019-02-21 17:29:00
cve
cve
CVE-2018-2006
2019-02-21 17:29:00
prion
prion
Design/Logic Flaw
2019-02-21 17:29:00
0.001 Low
EPSS
Percentile
46.3%
Related for 2971E22801C9CB1BAA5D6CB03D6143B85113A12209399A016E13EE2F56CF933E