IBM Robotic Process Automation with Automation Anywhere is vulnerable to directory traversal
CVEID: CVE-2018-2006 DESCRIPTION: IBM Robotic Process Automation with Automation Anywhere could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/…/) to upload arbitrary files to the system.
CVSS Base Score: 4.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155008> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N)
IBM Robotic Process Automation with Automation Anywhere | Affected Versions |
---|---|
IBM Robotic Process Automation with Automation Anywhere | 11.0 |
Product | VRMF | APAR | Remediation / First Fix |
---|---|---|---|
IBM Robotic Process Automation with Automation Anywhere | 11.0.0.4 | JR60391 | IBM Robotic Process Automation with Automation Anywhere v11.0.0.4 ifix 001 |
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm robotic process automation with automation anywhere | eq | 11.0 |