CVE-2018-17305

UiPath Orchestrator through 2018.2.4 allows any authenticated user to change the information of arbitrary users (even administrators) leading to privilege escalation and remote code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
VendorProductVersion
uipathorchestrator
𝑥
≤ 2018.2.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.uipath.com/product/release-notes/uipath-v2018.1.7
https://www.uipath.com/product/release-notes/uipath-v2018.1.7