IBM Robotic Process Automation with Automation Anywhere is vulnerable to a cross-site scripting vulnerability
CVEID: CVE-2018-1795 DESCRIPTION: IBM Robotic Process Automation with Automation Anywhere Enterprise is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 6.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/149073> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
The recommended solution is to apply the interim fix containing APAR JR59922 as soon as practical:
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm robotic process automation with automation anywhere | eq | 10.0 |