How severe is CVE-2024-41226?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2024-41226?

This is classified as CWE-1236, which is a common weakness in software security.

CVE-2024-41226 - HIGH Severity | CVSS 8.8

Vulnerability Description

A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers to execute arbitrary code via a crafted payload. NOTE: Automation Anywhere disputes this report, arguing the attacker executes everything from the client side and does not attack the Control Room. The payload is being injected in the http Response from the client-side, so the owner of the Response and payload is the end user in this case. They contend that the server's security controls have no impact or role to play in this situation and therefore this is not a valid vulnerability.

Related Vulnerabilities

CVE-2018-10255

HIGH

CVSS:8.8(High)

A CSV Injection vulnerability was discovered in clustercoding Blog Master Pro v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, lead...

CWE-12362018

CVE-2018-10257

HIGH

CVSS:8.8(High)

A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading ...

CWE-12362018

CVE-2018-10258

HIGH

CVSS:8.8(High)

A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to pos...

CWE-12362018

CVE-2018-20468

HIGH

CVSS:8.8(High)

An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A web reports module has "export to excel features" that are vulnerable to CSV injection. An attacker can embed Excel formulas inside ...

CWE-12362018

CVE-2018-7201

HIGH

CVSS:8.8(High)

CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel.

CWE-12362018

CVE-2018-7304

HIGH

CVSS:8.8(High)

Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as demo...

CWE-12362018