8 matches found
CVE-2024-41226
A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers to execute arbitrary code via a crafted payload. NOTE: Automation Anywhere disputes this report, arguing the attacker executes everything from the client side and does not attack the Control Room. T...
PT-2024-29312 · Automation Anywhere · Automation Anywhere Automation 360
Name of the Vulnerable Software and Affected Versions: Automation Anywhere Automation 360 version 21094. Description: A CSV injection issue allows attackers to execute arbitrary code via a crafted payload. The payload is injected in the HTTP response from the client-side. Note that Automation...
CVE-2024-6922 Server-Side Request Forgery in Automation 360
Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web API component. An attacker with unauthenticated access to the Automation 360 Control Room HTTPS service port 443 or HTTP service port 80 can trigger arbitrary web requests from the server...
CVE-2024-6922 Server-Side Request Forgery in Automation 360
Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web API component. An attacker with unauthenticated access to the Automation 360 Control Room HTTPS service port 443 or HTTP service port 80 can trigger arbitrary web requests from the server...
CVE-2024-6922
Automation Anywhere Automation 360 is affected by an unauthenticated Server-Side Request Forgery (SSRF) in its web API component for v21–v32. The issue allows an attacker with access to the Control Room (HTTPS/HTTP) to elicit arbitrary requests from the server, potentially reaching internal servi...
CVE-2024-6922: Automation Anywhere Automation 360 Server-Side Request Forgery
Automation 360 Robotic Process Automation suite v21-v32 is vulnerable to unauthenticated Server-Side Request Forgery (SSRF). SSRF occurs when the server can be induced to perform arbitrary requests on behalf of an attacker. An attacker with unauthenticated access to the Automation 360 Control Room...
Exploit for Use of Hard-coded Credentials in Automationanywhere Automation_360
CVE-2022-29856-PoC Minimal...
Automation 360 Trust Management Issue Vulnerability
Automation 360 is a cloud-native end-to-end intelligent automation platform. A security vulnerability exists in Automation 360 version 22 that stems from a hard-coded encryption key that can decrypt exported RPA packages...