CVE-2024-41226

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Aug 6, 2024
Updated: Sep 3, 2024
CWE ID 1236

Summary

CVE-2024-41226 is a CSV injection vulnerability affecting Automation Anywhere Automation 360 version 21094. An attacker can exploit this weakness by providing a maliciously crafted CSV file, resulting in the execution of arbitrary code. Automation Anywhere disputes this report, claiming that the attacker executes code from the client side and that the server's security controls have no role. However, the payload is being injected into the HTTP response from the client side, making it an end-user issue.
