IBMB7125AF1961373C00440298B5320A929BEC064C2802855BF533EEE6C1F3F9A76Security Bulletin: Cross-Site Scripting vulnerability in IBM Robotic Process Automation with Automation Anywhere (CVE-2017-1751)
0.001 Low
EPSS
Percentile
26.5%
Summary
IBM RPA with Automation Anywhere is vulnerable to cross-site scripting.
Vulnerability Details
CVEID**:** CVE-2017-1751**
DESCRIPTION:** IBM Robotic Process Automation with Automation Anywhere is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 6.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135546> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Affected Products and Versions
- IBM Robotic Process Automation with Automation Anywhere V10.0.0.0
Remediation/Fixes
The recommended solution is to apply the cumulative fix containing APAR JR58759 as soon as practical:
- IBM Robotic Process Automation with Automation Anywhere
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm robotic process automation with automation anywhere | eq | 10.0.0 |
Related
0.001 Low
EPSS
Percentile
26.5%