Smartbpm.net

smartbpm.net

Vendor: Smartsoft • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-37288 1Smartsoft 1Smartbpm.net Jun 17, 2026 Jul 10, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 SmartBPM.NET component has a vulnerability of path traversal within its file download function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files.
CVE-2023-37287 1Smartsoft 1Smartbpm.net Jun 17, 2026 Jul 10, 2023 N/A· v4 9.1 CRITICAL· v3 N/A· v2 SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access system with regular user privilege to read application data, and execut...Show more SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access system with regular user privilege to read application data, and execute submission and approval processes.Show less
CVE-2023-37286 1Smartsoft 1Smartbpm.net Jun 17, 2026 Jul 10, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code and disrupt servic...Show more SmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code and disrupt service.Show less