CVE-2023-37287

Published: Jul 10, 2023Modified: Jun 17, 2026

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: twcert@cert.org.tw (Secondary)

Description

SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access system with regular user privilege to read application data, and execute submission and approval processes.

Affected (1)

Products: Smartsoft: Smartbpm.net

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Smartsoft Smartbpm.net	Version 6.70

Related CWEs

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

https://www.twcert.org.tw/tw/cp-132-7222-cdfd0-1.html

Source: twcert@cert.org.tw

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-7222-cdfd0-1.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.