Vulnerability Description
IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in an CSV export. By persuading a victim to download the CSV export, to open it in Microsoft Excel and to confirm the two security questions, an attacker could exploit this vulnerability to run any command or program on the victim's machine. IBM X-Force ID: 142651.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Robotic Process Automation With Automation Anywhere | 10.0 |
References
- http://www.ibm.com/support/docview.wss?uid=swg22016197PatchVendor Advisory
- http://www.securityfocus.com/bid/104469Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/142651VDB EntryVendor Advisory
- http://www.ibm.com/support/docview.wss?uid=swg22016197PatchVendor Advisory
- http://www.securityfocus.com/bid/104469Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/142651VDB EntryVendor Advisory
FAQ
What is CVE-2018-1547?
CVE-2018-1547 is a vulnerability with a CVSS score of 8.0 (HIGH). IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in an CSV export. By persuading a...
How severe is CVE-2018-1547?
CVE-2018-1547 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1547?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Robotic Process Automation With Automation Anywhere.