← Back

Bonitasoft

bonitasoft

5 CVEs • 3 products

Products (3)

Click to collapse
Toggle
Bonita Bpm Portal
bonita_bpm_portal
2 CVEs
Bonita Web
bonita_web
2 CVEs
Webservice Connector
webservice_connector
1 CVE

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-26542
1Bonitasoft
1Bonita Web
Sep 17, 2025
Feb 27, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
Cross Site Scripting vulnerability in Bonitasoft, S.A v.7.14. and fixed in v.9.0.2, 8.0.3, 7.15.7, 7.14.8 allows attackers to execute arbitrary code via a crafted payload to the Groups Display name field.
CVE-2020-36640
1Bonitasoft
1Webservice Connector
Nov 21, 2024
Jan 5, 2023
N/A· v4
9.8 CRITICAL· v3
4.9 MEDIUM· v2
A vulnerability, which was classified as problematic, was found in bonitasoft bonita-connector-webservice up to 1.3.0. This affects the function TransformerConfigurationException of the file src/main/java/org/bonitasoft/...Show more
A vulnerability, which was classified as problematic, was found in bonitasoft bonita-connector-webservice up to 1.3.0. This affects the function TransformerConfigurationException of the file src/main/java/org/bonitasoft/connectors/ws/SecureWSConnector.java. The manipulation leads to xml external entity reference. Upgrading to version 1.3.1 is able to address this issue. The patch is named a12ad691c05af19e9061d7949b6b828ce48815d5. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217443.Show less
CVE-2022-25237
1Bonitasoft
1Bonita Web
Nov 21, 2024
Jun 2, 2022
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter. By appending ;i18ntranslation or /../i18ntranslation/ to...Show more
Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter. By appending ;i18ntranslation or /../i18ntranslation/ to the end of a URL, users with no privileges can access privileged API endpoints. This can lead to remote code execution by abusing the privileged API actions.Show less
CVE-2015-3898
1Bonitasoft
1Bonita Bpm Portal
Nov 21, 2024
Feb 28, 2018
N/A· v4
6.1 MEDIUM· v3
5.8 MEDIUM· v2
Multiple open redirect vulnerabilities in Bonita BPM Portal before 6.5.3 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirectUrl parameter to (1)...Show more
Multiple open redirect vulnerabilities in Bonita BPM Portal before 6.5.3 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirectUrl parameter to (1) bonita/login.jsp or (2) bonita/loginservice.Show less
CVE-2015-3897
1Bonitasoft
1Bonita Bpm Portal
May 6, 2026
Jun 18, 2015
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/the...Show more
Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource.Show less