CVE-2024-6922
MEDIUM NUCLEIAutomation Anywhere Automation 360 v21-v32 - SSRF
Title source: llmExploitation Summary
CVE-2024-6922 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web API component. An attacker with unauthenticated access to the Automation 360 Control Room HTTPS service (port 443) or HTTP service (port 80) can trigger arbitrary web requests from the server.
Nuclei Templates (1)
Automation Anywhere Automation 360 - Server-Side Request Forgery
HIGHVERIFIEDby DhiyaneshDK
Shodan:
http.favicon.hash:-1005691603
FOFA:
icon_hash="-1005691603"
References (1)
Core 1
Core References
Various Sources
https://www.automationanywhere.com/products/automation-360
Scores
CVSS v4
6.9
EPSS
0.3017
EPSS Percentile
98.0%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-918
Status
published
Products (1)
Automationanywhere/Automation 360
21 - 32
Published
Jul 26, 2024
Tracked Since
Feb 18, 2026