CVE-2018-19855 Information

Description

UiPath Orchestrator before 2018.3.4 allows CSV Injection related to the Audit export Robot log export and Transaction log export features.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Reference

https://www.uipath.com/product/release-notes https://www2.deloitte.com/de/de/pages/risk/articles/uipath-orchestrator-csv-injection.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

NONE

Base Severity

5.5