vulnerability

Automation 360 Automation Anywhere SSRF vulnerability (CVE-2024-6922)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:L/Au:N/C:P/I:P/A:N)	Jul 26, 2024	Jul 26, 2024	Jul 29, 2024

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:N)

Published

Jul 26, 2024

Added

Jul 26, 2024

Modified

Jul 29, 2024

Description

Automation 360 Robotic Process Automation suite v21-v32 is vulnerable to unauthenticated Server-Side Request Forgery (SSRF). An attacker with unauthenticated access to the Automation 360 Control Room HTTPS service (port 443) or HTTP service (port 80) can trigger arbitrary web requests from the server.

Solution

automation-anywhere-automation-360-upgrade-latest

References

CVE-2024-6922
https://attackerkb.com/topics/CVE-2024-6922

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today