CVE-2018-1547 Information
Feb 14, 2021
cve
Description
IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system caused by improper output encoding in an CSV export. By persuading a victim to download the CSV export to open it in Microsoft Excel and to confirm the two security questions an attacker could exploit this vulnerability to run any command or program on the victim’s machine. IBM X-Force ID: 142651.
CVSS Vector
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Reference
http://www.ibm.com/support/docview.wss?uid=swg22016197 http://www.securityfocus.com/bid/104469 https://exchange.xforce.ibmcloud.com/vulnerabilities/142651
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
CHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
7.7
Share on: