Release date: 17th October 2018
- In rare cases, processes were no longer visible in the Robot Tray, if the user logged off and then logged on again. This occurred only on Attended Robots that were connected to Orchestrator, and their AD user ids were malformed.
A security fix has been made for Orchestrator which prevents an authenticated user to elevate their privileges and execute commands remotely on a target machine (RCE). Please note that the issue did not have any impact on the audit system in Orchestrator.
Please ensure you apply the indicated patch to your Orchestrator instance. This action is mandatory.
A CVE report is available here.