CVE-2018-1547

HIGH Year: 2018
CVSS v3 Score
7.7
High
CVSS v2 Score
5.1
Medium
Weakness Type
NVD-CWE-Other
View all →

Vulnerability Description

IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in an CSV export. By persuading a victim to download the CSV export, to open it in Microsoft Excel and to confirm the two security questions, an attacker could exploit this vulnerability to run any command or program on the victim's machine. IBM X-Force ID: 142651.

Related Vulnerabilities

CVE-2016-0362

HIGH
CVSS:7.7(High)

IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger net...

NVD-CWE-Other2016

CVE-2016-1996

HIGH
CVSS:7.7(High)

HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors.

NVD-CWE-Other2016

CVE-2016-3440

HIGH
CVSS:7.7(High)

Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.

NVD-CWE-Other2016

CVE-2016-3481

HIGH
CVSS:7.7(High)

Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect availability via vectors related to Web.

NVD-CWE-Other2016

CVE-2016-3503

HIGH
CVSS:7.7(High)

Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Install.

NVD-CWE-Other2016

CVE-2016-3511

HIGH
CVSS:7.7(High)

Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Deployment.

NVD-CWE-Other2016