Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-11875

EPSS 0.34% · P57
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-11875

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
In AutomateAppCore.dll in Blue Prism Robotic Process Automation 6.4.0.8445, a vulnerability in access control can be exploited to escalate privileges. The vulnerability allows for abusing the application for fraud or unauthorized access to certain information. The attack requires a valid user account to connect to the Blue Prism server, but the roles associated to this account are not required to have any permissions. First of all, the application files are modified to grant full permissions on the client side. In a test environment (or his own instance of the software) an attacker is able to grant himself full privileges also on the server side. He can then, for instance, create a process with malicious behavior and export it to disk. With the modified client, it is possible to import the exported file as a release and overwrite any existing process in the database. Eventually, the bots execute the malicious process. The server does not check the user's permissions for the aforementioned actions, such that a modification of the client software enables this kind of attack. Possible scenarios may involve changing bank accounts or setting passwords.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Blue Prism Group Robotic Process Automation 权限许可和访问控制问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Blue Prism Group Robotic Process Automation(RPA)是英国Blue Prism Group公司的一套机器人过程自动化软件。 Blue Prism Group RPA 6.5.0.12573之前版本中存在访问控制错误漏洞。该漏洞源于网络系统或产品未正确限制来自未授权角色的资源访问。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2019-11875

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2019-11875

登录查看更多情报信息。

Same Patch Batch · n/a · 2019-05-24 · 35 CVEs total

CVE-2019-11876PrestaShop 跨站脚本漏洞
CVE-2018-19612Westermo DR-260、DR-250和MR-260 代码问题漏洞
CVE-2018-19613Westermo DR-260、DR-250和MR-260 跨站请求伪造漏洞
CVE-2019-10847Computrols CBAS Web 跨站请求伪造漏洞
CVE-2019-10848Computrols CBAS Web 信息泄露漏洞
CVE-2016-10245Doxygen 跨站脚本漏洞
CVE-2016-8898OIC Exponent CMS SQL注入漏洞
CVE-2016-8900OIC Exponent CMS 注入漏洞
CVE-2019-11604Quest Software KACE Systems Management Appliance 跨站脚本漏洞
CVE-2019-8346ZOHO ManageEngine ADSelfService Plus 跨站脚本漏洞
CVE-2019-12150Karamasoft UltimateEditor 代码问题漏洞
CVE-2019-12155QEMU 代码问题漏洞
CVE-2019-12195TP-Link TL-WR840N 跨站脚本漏洞
CVE-2019-12315Samsung SCX-824 跨站脚本漏洞
CVE-2019-12314Deltek Maconomy 路径遍历漏洞
CVE-2019-12313Shave 跨站脚本漏洞
CVE-2019-12312Libreswan 代码问题漏洞
CVE-2016-10751Osclas 路径遍历漏洞
CVE-2016-10759Precurio Software Precurio Xinha插件路径遍历漏洞
CVE-2016-10758PHPKIT 代码问题漏洞

Showing top 20 of 35 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2019-11875

No comments yet

Leave a comment