CVE-2024-41226
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Aug 6, 2024
Updated: Sep 3, 2024
CWE ID 1236
Summary
CVE-2024-41226 is a CSV injection vulnerability affecting Automation Anywhere Automation 360 version 21094. An attacker can exploit this weakness by providing a maliciously crafted CSV file, resulting in the execution of arbitrary code. Automation Anywhere disputes this report, claiming the attacker executes code from the client side and the server's security controls have no role. However, the payload is being injected into the HTTP response from the client side, making it an end-user issue.
Affected Vendors
- Automation Anywhere, Inc.