CVE-2018-1547 Vulnerability Details

  /     /     /  

CVE-2018-1547 Metadata Quick Info

CVE Published: 07/06/2018 | CVE Updated: 16/09/2024 | CVE Year: 2018
Source: ibm | Vendor: IBM | Product: Robotic Process Automation with Automation Anywhere
Status : PUBLISHED

---

CVE-2018-1547 Description

IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in an CSV export. By persuading a victim to download the CSV export, to open it in Microsoft Excel and to confirm the two security questions, an attacker could exploit this vulnerability to run any command or program on the victim\'s machine. IBM X-Force ID: 142651.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Gain Access
Source: IBM

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).