{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T22:40:28.499","vulnerabilities":[{"cve":{"id":"CVE-2018-1812","sourceIdentifier":"psirt@us.ibm.com","published":"2018-10-05T13:29:09.773","lastModified":"2024-11-21T04:00:24.650","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to persistent cross-site scripting, caused by missing escaping of a database field. An attacker that has access to the Control Room database could exploit this vulnerability to execute script in a victim's web browser within the security context of the hosting Web site, once victim opens a certain page in Control Room. IBM X-Force ID: 149883."},{"lang":"es","value":"IBM Robotic Process Automation with Automation Anywhere Enterprise 10 es vulnerable a Cross-Site Scripting (XSS) persistente provocado por la falta de escape del campo de una base de datos. Un atacante que tenga acceso a la base de datos Control Room podría explotar esta vulnerabilidad para ejecutar scripts en el navegador web de una víctima en el contexto de seguridad del sitio web alojador, una vez la víctima abre cierta página en Control Room. IBM X-Force ID: 149883."}],"metrics":{"cvssMetricV30":[{"source":"psirt@us.ibm.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:robotic_process_automation_with_automation_anywhere:10.0:*:*:*:*:*:*:*","matchCriteriaId":"70CDC4BC-3923-44B1-B173-E43523A978F1"}]}]}],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/149883","source":"psirt@us.ibm.com","tags":["VDB Entry","Vendor Advisory"]},{"url":"https://www.ibm.com/support/docview.wss?uid=ibm10731925","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/149883","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["VDB Entry","Vendor Advisory"]},{"url":"https://www.ibm.com/support/docview.wss?uid=ibm10731925","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}