CVE-2024-6922

EUVD-2024-47909
Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web API component. An attacker with unauthenticated access to the Automation 360 Control Room HTTPS service (port 443) or HTTP service (port 80) can trigger arbitrary web requests from the server.
SSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
rapid7CNA
6.9 MEDIUM
NETWORK
LOW
NONE
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
automationanywhereautomation_360
21 ≤
𝑥
≤ 32
CNA
Common Weakness Enumeration
References
https://www.automationanywhere.com/products/automation-360
https://www.automationanywhere.com/products/automation-360