IBMECD39D8A551AB38CCA692A1AA9F4DAF3F3AFE5E4C6FB6EF4CB20F5FFA47EE41ASecurity Bulletin: Remote Code Execution vulnerability in IBM Robotic Process Automation with Automation Anywhere (CVE-2018-1552)
0.01 Low
EPSS
Percentile
83.4%
Summary
IBM Robotic Process Automation with Automation Anywhere is vulnerable to a remote code execution vulnerability
Vulnerability Details
CVEID: CVE-2018-1552 DESCRIPTION: IBM Robotic Process Automation with Automation Anywhere allows a remote attacker to execute arbitrary code on the system, caused by a missing restriction in which file types can be uploaded to the control room. By uploading a malicious file and tricking a victim to run it, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142889> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
Affected Products and Versions
| Affected IBM Robotic Process Automation with Automation Anywhere | Affected Versions |
|---|---|
| IBM Robotic Process Automation with Automation Anywhere | 10.0, 11.0 |
Remediation/Fixes
| Product | VRMF | APAR | Remediation / First Fix |
|---|---|---|---|
| IBM Robotic Process Automation with Automation Anywhere | 10.0.0.CF201803 | JR59512 | IBM Robotic Process Automation with Automation Anywhere v10.0.0.CF201803 |
| IBM Robotic Process Automation with Automation Anywhere | 11.0.0.1 | JR59512 | IBM Robotic Process Automation with Automation Anywhere v11.0.0.2 |
Workarounds and Mitigations
None
Related
0.01 Low
EPSS
Percentile
83.4%