CVE-2022-39038

🗓️ 10 Nov 2022 02:20:46Reported by twcertType

cve🔗 web.nvd.nist.gov📰️ 5 Media mentions👁 55 Views

Agentflow BPM enterprise management system has improper authentication. A remote attacker with general user privilege can change the name of the user account to acquire arbitrary account privilege, and access, manipulate system or disrupt service

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2022-39038	13 Nov 202205:49	–	circl
CNNVD	Flowring Technology Agentflow BPM 授权问题漏洞	10 Nov 202200:00	–	cnnvd
Cvelist	CVE-2022-39038 FLOWRING Agentflow BPM - Broken Access Control	10 Nov 202202:20	–	cvelist
EUVD	EUVD-2022-41584	3 Oct 202520:07	–	euvd
NVD	CVE-2022-39038	10 Nov 202215:15	–	nvd
Prion	Authentication flaw	10 Nov 202215:15	–	prion
Positive Technologies	PT-2022-24692 · Unknown · Agentflow Bpm	10 Nov 202200:00	–	ptsecurity
Vulnrichment	CVE-2022-39038 FLOWRING Agentflow BPM - Broken Access Control	10 Nov 202202:20	–	vulnrichment

NVD

Vulners

Node

flowring agentflowMatch4.0.0.1183.552

[
  {
    "vendor": "FLOWRING",
    "product": "Agentflow BPM",
    "versions": [
      {
        "version": "4.0.0.1183.552",
        "status": "affected"
      }
    ]
  }
]

Source	Link
flowring	www.flowring.com/2022/09/19/%e7%94%a2%e5%93%81%e6%9b%b4%e6%96%b0agentflow-v4-0%e3%80%81v3-7%e5%a4%be%e6%aa%94%e5%8a%9f%e8%83%bd%e8%b3%87%e5%ae%89%e4%bf%ae%e6%ad%a3/
twcert	www.twcert.org.tw/tw/cp-132-6684-53149-1.html