CVE-2018-17305

EUVD-2018-9060
UiPath Orchestrator through 2018.2.4 allows any authenticated user to change the information of arbitrary users (even administrators) leading to privilege escalation and remote code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
Affected Products (NVD)
VendorProductVersion
uipathorchestrator
𝑥
≤ 2018.2.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.uipath.com/product/release-notes/uipath-v2018.1.7
https://www.uipath.com/product/release-notes/uipath-v2018.1.7