CVE-2018-1547
CVE-2018-1547 is a vulnerability of currently unknown severity. IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in a CSV export. By persuading a victim to download the CSV export, to open it in Microsoft Excel and to confirm the two security questions, an attacker could exploit this vulnerability to run any command or program on the victim's machine. EPSS estimates a 2.18% chance of exploitation in the next 30 days.
Description
IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in a CSV export. By persuading a victim to download the CSV export, to open it in Microsoft Excel and to confirm the two security questions, an attacker could exploit this vulnerability to run any command or program on the victim's machine. IBM X-Force ID: 142651.
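The missing control here is output encoding at the point where the CSV is written. The following is an added example, not code from IBM or from this advisory: a CSV writer that forces cells to be read as text. The list of trigger characters and the leading-quote prefix follow OWASP's CSV injection guidance and are assumptions, as are the function names and the constructed sample rows.

```python
import csv
import io

# Leading characters a spreadsheet may treat as the start of a formula.
# Assumption: list taken from OWASP's CSV injection guidance, not the advisory.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralize_cell(value):
    """Return a cell value that a spreadsheet will display as plain text."""
    # Typed numbers (e.g. -5 from a database column) are not free-form text.
    if isinstance(value, (int, float)) and not isinstance(value, bool):
        return value
    text = "" if value is None else str(value)
    # A leading single quote tells the spreadsheet to treat the cell as text.
    if text.startswith(FORMULA_TRIGGERS):
        return "'" + text
    return text


def export_csv(rows):
    """Serialize rows with every field quoted and every cell neutralized."""
    buf = io.StringIO()
    # QUOTE_ALL also doubles embedded quotes, so a cell cannot break out of
    # its field and start a new one with a trigger character.
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\r\n")
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


# Constructed sample rows: user-supplied text next to a typed number.
SAMPLE_ROWS = [
    ["task", "owner", "delta"],
    ["Invoice run", "alice", -5],
    ["=SUM(A1:A2)", "@bob", "-5"],
    ['say "hi", then stop', "+carol", None],
]

if __name__ == "__main__":
    print(export_csv(SAMPLE_ROWS))
```

Applying the encoding in the exporter, rather than validating input at entry, covers values that reached the data store by other paths.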
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| IBM | Robotic Process Automation with Automation Anywhere | 10.0 |
References
- http://www.ibm.com/support/docview.wss?uid=swg22016197 (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/104469 (Third Party Advisory, VDB Entry)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/142651 (VDB Entry, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
