19 matches found
CVE-2019-4297
IBM Robotic Process Automation with Automation Anywhere (version 11) is affected by CVE-2019-4297 due to an LDAP injection in the LDAP handling path. The vulnerability allows a remote authenticated attacker to craft requests that can query or modify LDAP content. The IBM security bulletin confirm...
CVE-2019-4336
CVE-2019-4336 affects IBM Robotic Process Automation with Automation Anywhere (v11). The vulnerability stems from an inadequate account lockout setting in the Forgot-Password/authentication flow, enabling a remote attacker to brute-force credentials. This is supported by multiple sources (NVD ent...
CVE-2019-4337
CVE-2019-4337 affects IBM Robotic Process Automation with Automation Anywhere (version 11). The IBM bulletin documents an information-disclosure vulnerability caused by missing authentication in Ignite cluster nodes, enabling an attacker to obtain sensitive information. CVSS details in the entry ...
CVE-2019-4296
IBM Robotic Process Automation with Automation Anywhere (11.0) is affected by CVE-2019-4296. The issue allows a local attacker to read email contents from the client debug log file due to logging of sensitive data, constituting an information-disclosure vulnerability. Affected version: 11.0.0.0–1...
CVE-2019-4298
Summary of CVE-2019-4298 / IBM RPA with Automation Anywhere 11 : The vulnerability stems from using a high-privilege PostgreSQL admin account for application database access, enabling a local user to perform actions beyond their privileges. Affected product/version: IBM Robotic Process Automation...
CVE-2019-4295
CVE-2019-4295 affects IBM Robotic Process Automation with Automation Anywhere version 11.0. The issue allows an attacker with specialized access to obtain highly sensitive information from the Credential Vault, representing a high-confidentiality disclosure (CVSSv3 base score 4.9). The IBM bullet...
CVE-2019-4299
The CVE concerns IBM Robotic Process Automation with Automation Anywhere (11.0). A local attacker could access highly sensitive information from debug log files due to a logging exposure in the Client; the root cause is log data written when debugging is enabled. Impact is indicated as HIGH confi...
CVE-2020-4901
The CVE-2020-4901 issue affects IBM Robotic Process Automation with Automation Anywhere 11.0. The root cause is an information-disclosure vulnerability enabling an attacker on the network to obtain sensitive data (via username enumeration) and, in some cases, trigger a denial of service. The avai...
CVE-2018-1547
IBM Robotic Process Automation with Automation Anywhere 10.0 is affected by CVE-2018-1547 due to improper output encoding in CSV exports, enabling remote code execution when a user opens a CSV and confirms two security questions in Excel. The vulnerability arises from encoding issues in the CSV e...
CVE-2018-2006
CVE-2018-2006 affects IBM Robotic Process Automation with Automation Anywhere (AA) 11.0. It is a directory traversal vulnerability where a remote attacker can craft a URL with dot-dot sequences (../) to traverse the filesystem and upload arbitrary files. The CVSS evidence indicates network access...
CVE-2017-1751
CVE-2017-1751 affects IBM Robotic Process Automation with Automation Anywhere 10.0.0. The issue is a cross-site scripting vulnerability in the Web UI that lets an attacker embed arbitrary JavaScript, potentially exposing credentials within a trusted session. The root cause is insufficient input f...
CVE-2018-1812
CVE-2018-1812 affects IBM Robotic Process Automation with Automation Anywhere Enterprise (V10.0). The vulnerability is a persistent cross-site scripting flaw caused by missing escaping of a database field in the Control Room, allowing an attacker with database access to execute scripts in a victi...
CVE-2018-1552
CVE-2018-1552 affects IBM Robotic Process Automation with Automation Anywhere, versions 10.0 and 11.0. The vulnerability stems from a missing restriction on the types of files that can be uploaded to the control room, enabling a remote attacker to upload a malicious file and trick a user into exe...
CVE-2018-1878
CVE-2018-1878 affects IBM Robotic Process Automation with Automation Anywhere (11.0). The root cause is an information disclosure in web requests that could reveal sensitive data to an attacker, enabling future attacks. Affected version: 11.0.0.1. Remediation: upgrade to IBM Robotic Process Autom...
CVE-2018-1795
The CVE-2018-1795 entry concerns IBM Robotic Process Automation with Automation Anywhere Enterprise 10 (V10.0), where a cross-site scripting vulnerability exists in the Web UI that can allow injection of arbitrary JavaScript code and potentially lead to credentials disclosure within a trusted ses...
CVE-2018-1877
CVE-2018-1877 affects IBM Robotic Process Automation with Automation Anywhere (11.0). The vulnerability stems from storing highly sensitive information as unencrypted passwords, making them readable by a local user. Impact is information disclosure of credentials stored by the RPA component. Reme...
CVE-2018-1514
IBM Robotic Process Automation with Automation Anywhere 10.0 is vulnerable to cross‑site request forgery (CVE-2018-1514). The issue arises from CSRF allowing a remote attacker to trigger malicious actions transmitted from a trusted user session. Affected product/version: IBM Robotic Process Autom...
CVE-2018-1876
CVE-2018-1876 affects IBM Robotic Process Automation with Automation Anywhere 11.0, where passwords may be written in plaintext to a Control Room log file after installation. Affected versions: 11.0 (fixed in 11.0.0.2, with remediation JR60077). The issue stems from logging behavior in the produc...
CVE-2018-1908
CVE-2018-1908 affects IBM Robotic Process Automation with Automation Anywhere version 11.0, where a cross-site scripting (XSS) vulnerability in the Web UI could allow an attacker to inject arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Documented imp...