Business Workflow
CVE-2020-26174
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
tangro Business Workflow before 1.18.1 requests a list of allowed filetypes from the server and restricts uploads to the filetypes contained in this list. However, this restriction is enforced in the browser (client-side) and can be circumvented. This allows an attacker to upload any file as an attachment to a workitem.
AnalysisAI
tangro Business Workflow before 1.18.1 requests a list of allowed filetypes from the server and restricts uploads to the filetypes contained in this list. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Unrestricted File Upload (CWE-434), which allows attackers to upload malicious files that can be executed on the server. tangro Business Workflow before 1.18.1 requests a list of allowed filetypes from the server and restricts uploads to the filetypes contained in this list. However, this restriction is enforced in the browser (client-side) and can be circumvented. This allows an attacker to upload any file as an attachment to a workitem. Affected products include: Tangro Business Workflow. Version information: before 1.18.1.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate file types server-side, store uploads outside webroot, use random filenames, scan for malware.
More in Business Workflow
View allIn tangro Business Workflow before 1.18.1, an attacker can manipulate the value of PERSON in requests to /api/profile in
Every login in tangro Business Workflow before 1.18.1 generates the same JWT token, which allows an attacker to reuse th
In tangro Business Workflow before 1.18.1, knowing an attachment ID, it is possible to download workitem attachments wit
In tangro Business Workflow before 1.18.1, a user's profile contains some items that are greyed out and thus are not int
An issue was discovered in tangro Business Workflow before 1.18.1. Rated medium severity (CVSS 4.3), this vulnerability
An incorrect access control implementation in Tangro Business Workflow before 1.18.1 allows an attacker to download docu
In tangro Business Workflow before 1.18.1, the documentId of attachment uploads to /api/document/attachments/upload can
WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today