CVE-2018-19855

low-risk
Published 2019-08-08

UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to the Audit export, Robot log export, and Transaction log export features.

Do I need to act?

-
0.26% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Orchestrator

Affected Vendors

Uipath

References (4)

Release Notes https://www.uipath.com/product/release-notes
Exploit https://www2.deloitte.com/de/de/pages/risk/articles/uipath-orchestrator-csv-inje...
Release Notes https://www.uipath.com/product/release-notes
Exploit https://www2.deloitte.com/de/de/pages/risk/articles/uipath-orchestrator-csv-inje...
24
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal