Xxe

2022-07-2002:15:00

PRIOn knowledge base

www.prio-n.com

7.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.2%

JSON

Digiwin BPM has a XML External Entity Injection (XXE) vulnerability due to insufficient validation for user input. An unauthenticated remote attacker can perform XML injection attack to access arbitrary system files.

CPENameOperatorVersion
business_process_managementlt5.8.8.1

CPE	Name	Operator	Version
	business_process_management	lt	5.8.8.1

References

www.chtsecurity.com/news/09757883-fea6-4aff-9e22-8ae8c4f8f7bb

www.twcert.org.tw/tw/cp-132-6288-49e01-1.html