Vulnerability Description
UiPath Orchestrator through 2018.2.4 allows any authenticated user to change the information of arbitrary users (even administrators) leading to privilege escalation and remote code execution.
CVSS Score
8.8
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Uipath | Orchestrator | <= 2018.2.4 |
Related Weaknesses (CWE)
References
- https://www.uipath.com/product/release-notes/uipath-v2018.1.7PatchRelease NotesVendor Advisory
- https://www.uipath.com/product/release-notes/uipath-v2018.1.7PatchRelease NotesVendor Advisory
FAQ
What is CVE-2018-17305?
CVE-2018-17305 is a vulnerability with a CVSS score of 8.8 (HIGH). UiPath Orchestrator through 2018.2.4 allows any authenticated user to change the information of arbitrary users (even administrators) leading to privilege escalation and remote code execution.
How severe is CVE-2018-17305?
CVE-2018-17305 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-17305?
Check the references section above for vendor advisories and patch information. Affected products include: Uipath Orchestrator.