Lucene search
IBM45FD77DF74798FFBC7B43811AC8D355374F13D65279ED8C5DFD89F0A84A6C17AHistoryOct 30, 2018 - 6:30 p.m.
Security Bulletin: Passwords are unencrypted locally in IBM Robotic Process Automation with Automation Anywhere (CVE-2018-1877)
2018-10-3018:30:02
www.ibm.com
4
0.0004 Low
EPSS
Percentile
5.1%
Summary
IBM Robotic Process Automation could store highly sensitive information in the form of unencrypted passwords that would be available to a local user.
Vulnerability Details
CVEID: CVE-2018-1877 DESCRIPTION: IBM Robotic Process Automation could store highly sensitive information in the form of unencrypted passwords that would be available to a local user.
CVSS Base Score: 6.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151713> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
| Affected IBM Robotic Process Automation with Automation Anywhere | Affected Versions |
|---|---|
| IBM Robotic Process Automation with Automation Anywhere | 11.0 |
Remediation/Fixes
The recommended solution is to apply the interim fix containing APAR JR60078 as soon as practical:
- IBM Robotic Process Automation with Automation Anywhere v11.0
Product |VRMF|APAR|Remediation / First Fix
—|—|—|—
IBM Robotic Process Automation with Automation Anywhere | 11.0.0.1 | JR60078 | IBM Robotic Process Automation with Automation Anywhere v11.0.0.2
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm robotic process automation with automation anywhere | eq | 11.0 |
Related
prion
prion
Code injection
2018-11-02 15:29:00
nvd
nvd
CVE-2018-1877
2018-11-02 15:29:00
cve
cve
CVE-2018-1877
2018-11-02 15:29:00
cvelist
cvelist
CVE-2018-1877
2018-10-30 00:00:00
0.0004 Low
EPSS
Percentile
5.1%
Related for 45FD77DF74798FFBC7B43811AC8D355374F13D65279ED8C5DFD89F0A84A6C17A