Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM8AAACE4B8576E759E07E007A6C62A6C7EADF6433E09CA81BDF0E3614C86C7DF0
HistoryMar 02, 2022 - 4:40 p.m.

Security Bulletin: Multiple vulnerabilities may affect IBM Robotic Process Automation

2022-03-0216:40:15
www.ibm.com
49

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.081 Low

EPSS

Percentile

94.1%

JSON

Summary

Multiple vulnerabilities in IBM Robotic Process Automation

Vulnerability Details

CVEID:CVE-2021-26701
**DESCRIPTION:**Microsoft .NET Core and Visual Studio could allow a remote attacker to execute arbitrary code on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196358 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2019-8331
**DESCRIPTION:**Bootstrap is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the tooltip or popover data-template. A remote attacker could exploit this vulnerability to execute script in a victim’s Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/157409 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Robotic Process Automation < 21.0.1

Remediation/Fixes

Product Remediation/First fix
IBM Robotic Process Automation 21.0.1

Workarounds and Mitigations

None, IBM Robotic Process Automation 21.0.1 or higher must be applied to correct the problem.

Related

fedora 6
nessus 48
oraclelinux 6
altlinux 8
cve 3
archlinux 4
prion 3
redhat 21
ibm 21
almalinux 5
veracode 2
github 5
githubexploit 1
thn 2
paloalto 1
mscve 1
osv 10
redhatcve 2
typo3 1
f5 1
gitlab 1
ubuntucve 1
debiancve 1
nodejs 1
hackerone 2
openvas 1
freebsd 1
laminas 1
jvn 1
kaspersky 1
malwarebytes 1
ics 1
centos 1
rocky 2
amazon 1
threatpost 1
rapid7blog 1
oracle 1
fedora
fedora
[SECURITY] Fedora 33 Update: dotnet3.1-3.1.113-1.fc33
2021-03-27 01:11:47
[SECURITY] Fedora 33 Update: dotnet5.0-5.0.104-1.fc33
2021-03-23 01:34:49
[SECURITY] Fedora 34 Update: dotnet5.0-5.0.104-1.fc34
2021-03-22 02:11:07
nessus
nessus
RHEL 7 : .NET Core 2.1 on Red Hat Enterprise Linux (RHSA-2021:0787)
2021-03-10 00:00:00
RHEL 8 : .NET Core on RHEL 8 (RHSA-2021:0793)
2021-03-10 00:00:00
RHEL 8 : dotnet (RHSA-2021:0788)
2021-03-10 00:00:00
oraclelinux
oraclelinux
dotnet security and bugfix update
2021-03-10 00:00:00
.NET Core on OL 8 security and bugfix update
2021-03-11 00:00:00
dotnet3.1 security and bugfix update
2021-03-10 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package dotnet-runtime-7.0 version 5.0.5-alt1
2021-04-17 00:00:00
Security fix for the ALT Linux 9 package dotnet-bootstrap-3.1 version 3.1.14-alt1
2021-04-17 00:00:00
Security fix for the ALT Linux 9 package dotnet-bootstrap-5.0 version 5.0.5-alt1
2021-04-17 00:00:00
cve
cve
CVE-2021-26701
2021-02-25 23:15:00
CVE-2019-8331
2019-02-20 16:29:00
CVE-2023-32711
2023-06-01 17:15:10
archlinux
archlinux
[ASA-202103-23] dotnet-sdk-3.1: arbitrary code execution
2021-03-25 00:00:00
[ASA-202103-20] dotnet-runtime: arbitrary code execution
2021-03-25 00:00:00
[ASA-202103-22] dotnet-runtime-3.1: arbitrary code execution
2021-03-25 00:00:00
prion
prion
Remote code execution
2021-02-25 23:15:00
Design/Logic Flaw
2019-02-20 16:29:00
Cross site scripting
2023-06-01 17:15:00
redhat
redhat
(RHSA-2021:0793) Important: .NET Core on RHEL 8 security and bugfix update
2021-03-09 20:33:04
(RHSA-2021:0788) Important: dotnet security and bugfix update
2021-03-09 19:44:45
(RHSA-2021:0794) Important: .NET 5.0 on Red Hat Enterprise Linux security and bugfix update
2021-03-09 20:48:24
ibm
ibm
Security Bulletin: Vulnerability of System.Text.Encodings.Web.4.5.0 .dll has afftected to .NET Agent
2023-07-11 11:31:57
Security Bulletin: Vulnerability in Microsoft .NET Core and Visual Studio affects IBM Process Mining . CVE-2021-26701
2023-02-01 20:04:18
Security Bulletin: IBM API Connect Developer Portal is affected by a cross site scripting vulnerability in Bootstrap (CVE-2019-8331)
2019-04-04 14:55:02
almalinux
almalinux
Important: .NET Core on RHEL 8 security and bugfix update
2021-03-09 20:33:04
Important: dotnet3.1 security and bugfix update
2021-03-09 19:46:05
Important: dotnet security and bugfix update
2021-03-09 19:44:45
veracode
veracode
Remote Code Execution
2021-04-14 03:10:39
Cross-site Scripting (XSS)
2019-02-14 08:50:01
github
github
Moderate severity vulnerability that affects bootstrap and bootstrap-sass
2019-02-22 20:54:27
Moderate severity vulnerability that affects Bootstrap.Less, bootstrap, and bootstrap.sass
2019-02-22 20:54:40
Bootstrap Vulnerable to Cross-Site Scripting
2019-02-22 20:54:47
githubexploit
githubexploit
Exploit for Cross-site Scripting in Getbootstrap Bootstrap
2020-12-01 09:18:58
thn
thn
Microsoft Urges Azure Users to Update PowerShell to Patch RCE Flaw
2021-07-05 06:42:00
Microsoft Issues Patches for In-the-Wild 0-day and 55 Others Windows Bugs
2021-02-10 04:44:00
paloalto
paloalto
Informational: Impact of Microsoft PowerShell Vulnerability CVE-2021-26701 on Cortex XSOAR
2021-08-11 16:00:00
mscve
mscve
.NET Core Remote Code Execution Vulnerability
2021-02-09 08:00:00
osv
osv
BIT-dotnet-sdk-2021-26701
2024-03-06 11:00:00
BIT-dotnet-2021-26701
2024-03-06 10:59:50
CVE-2021-26701
2021-02-25 23:15:16
redhatcve
redhatcve
CVE-2021-26701
2021-03-01 15:40:09
CVE-2019-8331
2020-01-04 09:44:24
typo3
typo3
Cross-Site Scripting in Bootstrap CSS toolkit before 3.4.1 and 4.3.0
2019-05-07 00:00:00
f5
f5
K24383845 : Bootstrap vulnerability CVE-2019-8331
2019-04-10 00:00:00
gitlab
gitlab
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
2019-02-20 00:00:00
ubuntucve
ubuntucve
CVE-2019-8331
2019-02-20 00:00:00
debiancve
debiancve
CVE-2019-8331
2019-02-20 16:29:00
nodejs
nodejs
Cross-Site Scripting
2019-05-22 18:03:13
hackerone
hackerone
Sifchain: Cross-site Scripting (XSS) possible at https://sifchain.finance// via CVE-2019-8331 exploitation
2021-06-05 15:52:39
Sifchain: Vulnerable javascript dependency at Main domain
2021-05-07 20:48:11
openvas
openvas
Pi-hole Ad-Blocker < 5.0 Multiple Vulnerabilities
2020-05-12 00:00:00
freebsd
freebsd
mantis -- multiple vulnerabilities
2019-08-28 00:00:00
laminas
laminas
XSS vectors in laminas-api-tools/api-tools
2020-04-01 21:30:00
jvn
jvn
JVN#06527859: KinagaCMS vulnerable to cross-site scripting
2019-03-15 00:00:00
kaspersky
kaspersky
KLA12073 Multiple vulnerabilities in Microsoft Developer Tools
2021-02-09 00:00:00
malwarebytes
malwarebytes
Big Patch Tuesday: Microsoft and Adobe fix in-the-wild exploits
2021-02-10 17:26:33
ics
ics
Mitsubishi Electric EcoWebServerIII
2022-02-24 12:00:00
centos
centos
ipa, python2 security update
2020-10-20 18:15:27
rocky
rocky
idm:DL1 and idm:client security, bug fix, and enhancement update
2020-11-03 12:25:36
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
2020-11-03 12:29:58
amazon
amazon
Medium: ipa
2020-10-22 17:40:00
threatpost
threatpost
Actively Exploited Windows Kernel Bug Allows Takeover
2021-02-09 22:33:08
rapid7blog
rapid7blog
Patch Tuesday - February 2021
2021-02-09 23:51:27
oracle
oracle
Oracle Critical Patch Update Advisory - April 2021
2021-04-20 00:00:00

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.081 Low

EPSS

Percentile

94.1%

JSON
Related for 8AAACE4B8576E759E07E007A6C62A6C7EADF6433E09CA81BDF0E3614C86C7DF0
fedora6nessus48oraclelinux6altlinux8cve3archlinux4prion3redhat21ibm21almalinux5veracode2github5githubexploit1thn2paloalto1mscve1osv10redhatcve2typo31f51gitlab1ubuntucve1debiancve1nodejs1hackerone2openvas1freebsd1laminas1jvn1kaspersky1malwarebytes1ics1centos1rocky2amazon1threatpost1rapid7blog1oracle1