UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the --dev-widget argument of the URI handler for uipath-assistant://. This allows an malicious user to execute code on a victim's machine or capture NTLM credentials by supplying a networked or WebDAV file path.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
uipath assistant 21.4.4 |