CVE-2018-1547

high

Description

IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in an CSV export. By persuading a victim to download the CSV export, to open it in Microsoft Excel and to confirm the two security questions, an attacker could exploit this vulnerability to run any command or program on the victim's machine. IBM X-Force ID: 142651.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/142651

http://www.securityfocus.com/bid/104469

http://www.ibm.com/support/docview.wss?uid=swg22016197

Details

Source: Mitre, NVD

Published: 2018-06-07

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 5.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.7

Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.01267