An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for a domain authenticated user to send a crafted message to the Blue Prism Server and accomplish a remote code execution attack that is possible because of insecure deserialization. Exploitation of this vulnerability allows for code to be executed in the context of the Blue Prism Server service.
References
Link | Resource |
---|---|
https://blueprism.com | Product |
https://community.blueprism.com/discussion/security-vulnerability-notification-ssc-blue-prism-enterprise | Vendor Advisory |
https://portal.blueprism.com/security-vulnerabilities-august-2022 | Permissions Required Vendor Advisory |
Configurations
History
No history.
Information
Published : 2022-08-25 23:15
Updated : 2024-02-28 19:29
NVD link : CVE-2022-36119
Mitre link : CVE-2022-36119
CVE.ORG link : CVE-2022-36119
JSON object : View
Products Affected
ssctech
- blue_prism
CWE
CWE-502
Deserialization of Untrusted Data