Design/Logic Flaw

2019-02-2117:29:00

PRIOn knowledge base

www.prio-n.com

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.3%

JSON

IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/…/) to upload arbitrary files to the system. IBM X-Force ID: 155008.

CPENameOperatorVersion
robotic_process_automation_with_automation_anywherege11.0.0.0
robotic_process_automation_with_automation_anywherelt11.0.0.4

CPE	Name	Operator	Version
	robotic_process_automation_with_automation_anywhere	ge	11.0.0.0
	robotic_process_automation_with_automation_anywhere	lt	11.0.0.4

References

www.securityfocus.com/bid/107122

exchange.xforce.ibmcloud.com/vulnerabilities/155008

www.ibm.com/support/docview.wss?uid=ibm10794133