Vulnerability Details CVE-2018-17305
UiPath Orchestrator through 2018.2.4 allows any authenticated user to change the information of arbitrary users (even administrators) leading to privilege escalation and remote code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.019
EPSS Ranking 82.4%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
Products affected by CVE-2018-17305
-
cpe:2.3:a:uipath:orchestrator:2016.2
-
cpe:2.3:a:uipath:orchestrator:2016.2.6192
-
cpe:2.3:a:uipath:orchestrator:2016.2.6232
-
cpe:2.3:a:uipath:orchestrator:2016.2.6274
-
cpe:2.3:a:uipath:orchestrator:2016.2.6302
-
cpe:2.3:a:uipath:orchestrator:2016.2.6344
-
cpe:2.3:a:uipath:orchestrator:2016.2.6379
-
cpe:2.3:a:uipath:orchestrator:2016.2.6393
-
cpe:2.3:a:uipath:orchestrator:2016.2.6442
-
cpe:2.3:a:uipath:orchestrator:2016.2.6655
-
cpe:2.3:a:uipath:orchestrator:2017.1.6435
-
cpe:2.3:a:uipath:orchestrator:2017.1.6522
-
cpe:2.3:a:uipath:orchestrator:2017.1.6547
-
cpe:2.3:a:uipath:orchestrator:2017.1.6612
-
cpe:2.3:a:uipath:orchestrator:2017.1.6656
-
cpe:2.3:a:uipath:orchestrator:2017.1.6682
-
cpe:2.3:a:uipath:orchestrator:2018.1
-
cpe:2.3:a:uipath:orchestrator:2018.1.1
-
cpe:2.3:a:uipath:orchestrator:2018.1.2
-
cpe:2.3:a:uipath:orchestrator:2018.1.3
-
cpe:2.3:a:uipath:orchestrator:2018.1.4
-
cpe:2.3:a:uipath:orchestrator:2018.1.5
-
cpe:2.3:a:uipath:orchestrator:2018.1.6
-
cpe:2.3:a:uipath:orchestrator:2018.1.7
-
cpe:2.3:a:uipath:orchestrator:2018.2
-
cpe:2.3:a:uipath:orchestrator:2018.2.2
-
cpe:2.3:a:uipath:orchestrator:2018.2.3
-
cpe:2.3:a:uipath:orchestrator:2018.2.4