Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the UpdateOfflineHelpData administrative function. Abusing this function will allow any Blue Prism user to change the offline help URL to one of their choice, opening the possibility of spoofing the help page or executing a local file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Blue Prism Enterprise 安全漏洞
Vulnerability Description
Blue Prism Enterprise是英国Blue Prism公司的一种智能机器人流程自动化 (RPA) 软件。 Blue Prism Enterprise 6.0 至 7.01 版本存在安全漏洞,该漏洞源于在暴露出Blue Prism应用服务器的错误配置环境中,经过身份验证的用户可以对Blue Prism软件进行反向工程,并绕过UpdateOfflineHelpData管理功能的访问控制,滥用这个功能将允许任何Blue Prism用户将离线帮助的URL改为他们自己选择的URL,从而有可能欺骗帮助页
CVSS Information
N/A
Vulnerability Type
N/A