CVE-2022-29856

A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA packages.
References
Link Resource
https://dolosgroup.io/blog Exploit Third Party Advisory
https://www.automationanywhere.com/products/automation-360 Product Vendor Advisory
https://dolosgroup.io/blog Exploit Third Party Advisory
https://www.automationanywhere.com/products/automation-360 Product Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:automationanywhere:automation_360:22:*:*:*:*:*:*:*

History

21 Nov 2024, 06:59

Type Values Removed Values Added
References () https://dolosgroup.io/blog - Exploit, Third Party Advisory () https://dolosgroup.io/blog - Exploit, Third Party Advisory
References () https://www.automationanywhere.com/products/automation-360 - Product, Vendor Advisory () https://www.automationanywhere.com/products/automation-360 - Product, Vendor Advisory

11 May 2022, 15:25

Type Values Removed Values Added
CPE cpe:2.3:a:automationanywhere:automation_360:22:*:*:*:*:*:*:*
References (MISC) https://www.automationanywhere.com/products/automation-360 - (MISC) https://www.automationanywhere.com/products/automation-360 - Product, Vendor Advisory
References (MISC) https://dolosgroup.io/blog - (MISC) https://dolosgroup.io/blog - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 5.0
v3 : 7.5
CWE CWE-798

29 Apr 2022, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-04-29 16:15

Updated : 2024-11-21 06:59


NVD link : CVE-2022-29856

Mitre link : CVE-2022-29856

CVE.ORG link : CVE-2022-29856


JSON object : View

Products Affected

automationanywhere

  • automation_360
CWE
CWE-798

Use of Hard-coded Credentials