CVE-2018-1552
MEDIUM
IBM Robotic Process Automation With A... - Unrestricted File Upload
Title source: ruleDescription
IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0 allows a remote attacker to execute arbitrary code on the system, caused by a missing restriction on which file types can be uploaded to the control room. By uploading a malicious file and tricking a victim into running it, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 142889.
References (2)
Core References
VDB Entry, Vendor Advisory (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/142889
Patch, Vendor Advisory (x_refsource_confirm): http://www.ibm.com/support/docview.wss?uid=swg22016247
Scores
CVSS v3: 5.5
EPSS: 0.0187
EPSS Percentile: 83.2%
Attack Vector: NETWORK
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Details
CWE: CWE-434
Status: published
Products (2):
ibm/robotic_process_automation_with_automation_anywhere 10
ibm/robotic_process_automation_with_automation_anywhere 11
Published: Nov 02, 2018
Tracked Since: Feb 18, 2026