Business Process Management
CVE-2022-32458
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from Vendor (cert) · only source for this CVE.
CVSS VectorVendor: cert
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
Digiwin BPM has a XML External Entity Injection (XXE) vulnerability due to insufficient validation for user input. An unauthenticated remote attacker can perform XML injection attack to access arbitrary system files.
AnalysisAI
Digiwin BPM has a XML External Entity Injection (XXE) vulnerability due to insufficient validation for user input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as XML External Entity (XXE) (CWE-611), which allows attackers to read arbitrary files or perform SSRF through XML processing. Digiwin BPM has a XML External Entity Injection (XXE) vulnerability due to insufficient validation for user input. An unauthenticated remote attacker can perform XML injection attack to access arbitrary system files. Affected products include: Digiwin Business Process Management.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Disable external entity processing in XML parsers, use JSON instead of XML where possible.
More in Business Process Management
View allDigiwin BPM’s function has insufficient validation for user input. Rated critical severity (CVSS 9.8), this vulnerabilit
Digiwin BPM has inadequate filtering for URL parameter. Rated medium severity (CVSS 5.3), this vulnerability is remotely
Share
External POC / Exploit Code
Leaving vuln.today