CVE-2018-1812

Name of the Vulnerable Software and Affected Versions IBM Robotic Process Automation with Automation Anywhere Enterprise version 10

Description The issue is caused by missing escaping of a database field, leading to persistent cross-site scripting. An attacker with access to the Control Room database could exploit this to execute script in a victim's web browser within the security context of the hosting Web site, once the victim opens a certain page in Control Room.

Recommendations For IBM Robotic Process Automation with Automation Anywhere Enterprise version 10, consider restricting access to the Control Room database to minimize the risk of exploitation. As a temporary workaround, limit the ability to open certain pages in Control Room until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.