Skip to main content

Business Process Management

3 CVEs product

Monthly

CVE-2022-32458 HIGH This Week

Digiwin BPM has a XML External Entity Injection (XXE) vulnerability due to insufficient validation for user input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Business Process Management
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-32457 MEDIUM This Month

Digiwin BPM has inadequate filtering for URL parameter. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Business Process Management
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-32456 CRITICAL Act Now

Digiwin BPM’s function has insufficient validation for user input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Business Process Management
NVD
CVSS 3.1
9.8
EPSS
1.3%
EPSS 1% CVSS 7.5
HIGH This Week

Digiwin BPM has a XML External Entity Injection (XXE) vulnerability due to insufficient validation for user input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Business Process Management
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Digiwin BPM has inadequate filtering for URL parameter. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Business Process Management
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Digiwin BPM’s function has insufficient validation for user input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Business Process Management
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy