← Back

Orchestrator

orchestrator

Vendor: Uipath • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2018-19855
1Uipath
1Orchestrator
Nov 21, 2024
Aug 8, 2019
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to the Audit export, Robot log export, and Transaction log export features.
CVE-2018-17305
1Uipath
1Orchestrator
Nov 21, 2024
Apr 11, 2019
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
UiPath Orchestrator through 2018.2.4 allows any authenticated user to change the information of arbitrary users (even administrators) leading to privilege escalation and remote code execution.