Arbitrary User Information Modification and Privilege Escalation in UiPath Orchestrator through 2018.2.4

Arbitrary User Information Modification and Privilege Escalation in UiPath Orchestrator through 2018.2.4

CVE-2018-17305 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

UiPath Orchestrator through 2018.2.4 allows any authenticated user to change the information of arbitrary users (even administrators) leading to privilege escalation and remote code execution.

Learn more about our User Device Pen Test.