Automation Anywhere Automation 360 - Server-Side Request Forgery

Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web API component. id: CVE-2024-6922 info: name: Automation Anywhere Automation 360 - Server-Side Request Forgery author: DhiyaneshDK severity: high description: | Automation Anywhere Automation 360 v21-v...

EUVD-2018-12391

Malware in sbrugna...

CVE-2024-41226

A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers to execute arbitrary code via a crafted payload. NOTE: Automation Anywhere disputes this report, arguing the attacker executes everything from the client side and does not attack the Control Room. T...

Security Bulletin: Lucky 13 Attack Vulnerability in IBM Robotic Process Automation with Automation Anywhere - CVE-2021-29876

Summary The Lucky Thirteen attack is a crystallographic timing attack against implementations of the Transport Layer Security TLS protocol that use the CBC mode of operation. An attacker could perform man in the middle attacks to successfully obtain plain text from the secure channel. Vulnerabili...

CVE-2024-41226

A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers to execute arbitrary code via a crafted payload. NOTE: Automation Anywhere disputes this report, arguing the attacker executes everything from the client side and does not attack the Control Room. T...

CVE-2024-41226

A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers to execute arbitrary code via a crafted payload. NOTE: Automation Anywhere disputes this report, arguing the attacker executes everything from the client side and does not attack the Control Room. T...

Automation Anywhere Automation 360 安全漏洞

Automation Anywhere Automation 360 is a cloud-native end-to-end intelligent automation platform from Automation Anywhere, Inc. A security vulnerability exists in Automation Anywhere Automation 360 version 21094, which stems from the inclusion of a CSV injection vulnerability that allows an attack...

CVE-2024-41226

CVE-2024-41226 describes a CSV injection vulnerability in Automation Anywhere Automation 360 (v21094). The underlying issue allows an attacker to trigger arbitrary code execution by injecting a crafted payload into the HTTP response from the client-side, with the end-user owning the response and ...

CVE-2024-41226

A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers to execute arbitrary code via a crafted payload. NOTE: Automation Anywhere disputes this report, arguing the attacker executes everything from the client side and does not attack the Control Room. T...

CVE-2024-41226

A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers to execute arbitrary code via a crafted payload. NOTE: Automation Anywhere disputes this report, arguing the attacker executes everything from the client side and does not attack the Control Room. T...

PT-2024-29312 · Automation Anywhere · Automation Anywhere Automation 360

Name of the Vulnerable Software and Affected Versions: Automation Anywhere Automation 360 version 21094 Description: A CSV injection issue allows attackers to execute arbitrary code via a crafted payload. The payload is injected in the HTTP response from the client-side. Note that Automation...

CVE-2024-6922

Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web API component. An attacker with unauthenticated access to the Automation 360 Control Room HTTPS service port 443 or HTTP service port 80 can trigger arbitrary web requests from the server...

CVE-2024-6922: Automation Anywhere Automation 360 Server-Side Request Forgery

Automation 360 Robotic Process Automation suite v21-v32 is vulnerable to unauthenticated Server-Side Request Forgery SSRF. SSRF occurs when the server can be induced to perform arbitrary requests on behalf of an attacker. An attacker with unauthenticated access to the Automation 360 Control Room...

Automation Anywhere Automation 360 安全漏洞

Automation Anywhere Automation 360 is a cloud-native end-to-end intelligent automation platform from Automation Anywhere, Inc. A security vulnerability exists in Automation Anywhere Automation 360 versions v21 through v32. An attacker exploiting this vulnerability could trigger arbitrary web...

PT-2024-37960 · Automation Anywhere · Automation 360

Name of the Vulnerable Software and Affected Versions: Automation Anywhere Automation 360 versions v21 through v32 Description: The issue allows an attacker with unauthenticated access to the Automation 360 Control Room HTTPS service port 443 or HTTP service port 80 to trigger arbitrary web...

Security Bulletin: IBM Robotic Process Automation with Automation Anywhere is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

Summary IBM Robotic Process Automation with Automation Anywhere is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged ...

Security Bulletin: Due to use of PostgreSQL, IBM Robotic Process Automation with Automation Anywhere is vulnerable to SQL injection (CVE-2021-23214)

Summary There are vulnerabilities in the PostgreSQL used by IBM Robotic Process Automation with Automation Anywhere. This affects the IBM Robotic Process Automation with Automation Anywhere control room application. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: Due to use of PostgreSQL, IBM Robotic Process Automation with Automation Anywhere is vulnerable to data confidentiality (CVE-2021-32029)

Summary There are vulnerabilities in the PostgreSQL used by IBM Robotic Process Automation with Automation Anywhere. This affects the IBM Robotic Process Automation with Automation Anywhere control room application. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: PostgreSQL vulnerabilities in IBM Robotic Process Automation with Automation Anywhere - CVE-2021-32028

Summary IBM Robotic Process Automation with Automation Anywhere is vulnerable to attacks involving PostgreSQL. Vulnerability Details CVEID: CVE-2021-32028 DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by a memory disclosure vulnerabili...

Security Bulletin: PostgreSQL vulnerabilities in IBM Robotic Process Automation with Automation Anywhere - CVE-2020-10733

Summary IBM Robotic Process Automation with Automation Anywhere is vulnerable to attacks involving PostgreSQL. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM Robotic Process...