N/A

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the UpdateOfflineHelpData administrative function. Abusing this function will allow any Blue Prism user to change the offline help URL to one of their choice, opening the possibility of spoofing the help page or executing a local file.

N/A

N/A

Blue Prism Enterprise 安全漏洞

Blue Prism Enterprise是英国Blue Prism公司的一种智能机器人流程自动化 (RPA) 软件。 Blue Prism Enterprise 6.0 至 7.01 版本存在安全漏洞，该漏洞源于在暴露出Blue Prism应用服务器的错误配置环境中，经过身份验证的用户可以对Blue Prism软件进行反向工程，并绕过UpdateOfflineHelpData管理功能的访问控制，滥用这个功能将允许任何Blue Prism用户将离线帮助的URL改为他们自己选择的URL，从而有可能欺骗帮助页

N/A

N/A