CVEs (3)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Digiwin 1Business Process Management Nov 21, 2024 Jul 20, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 Digiwin BPM has a XML External Entity Injection (XXE) vulnerability due to insufficient validation for user input. An unauthenticated remote attacker can perform XML injection attack to access arbitrary system files. |
1Digiwin 1Business Process Management Nov 21, 2024 Jul 20, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Digiwin BPM has inadequate filtering for URL parameter. An unauthenticated remote attacker can perform Blind SSRF attack to discover internal network topology base on URL error response. |
1Digiwin 1Business Process Management Nov 21, 2024 Jul 20, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Digiwin BPM’s function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL command to access, modify, delete database or disrupt service. |