Description
UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to the Audit export, Robot log export, and Transaction log export features.
References (2)
Core 2
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://www.uipath.com/product/release-notes
Exploit, Third Party Advisory x_refsource_misc
https://www2.deloitte.com/de/de/pages/risk/articles/uipath-orchestrator-csv-injection.html
Scores
CVSS v3
5.5
EPSS
0.0109
EPSS Percentile
60.9%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-1236
Status
published
Products (1)
uipath/orchestrator
< 2018.3.4
Published
Aug 08, 2019
Tracked Since
Feb 18, 2026