23 matches found
EUVD-2022-35528
Malicious code in bioql PyPI...
EUVD-2022-35530
Malicious code in bioql PyPI...
EUVD-2022-35529
Malicious code in bioql PyPI...
CVE-2022-32456
Digiwin BPM’s function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify, or delete the database or disrupt service...
CVE-2022-32457
Digiwin BPM has inadequate URL parameter filtering. An unauthenticated remote attacker can perform a Blind SSRF attack to discover internal network topology based on the URL error response...
CVE-2022-32457
Digiwin BPM has inadequate URL parameter filtering. An unauthenticated remote attacker can perform a Blind SSRF attack to discover internal network topology based on the URL error response...
CVE-2022-32456
Digiwin BPM’s function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify, or delete the database or disrupt service...
CVE-2022-32458
Digiwin BPM has an XML External Entity Injection (XXE) vulnerability due to insufficient validation for user input. An unauthenticated remote attacker can perform an XML injection attack to access arbitrary system files...
Server-side request forgery (SSRF)
Digiwin BPM has inadequate URL parameter filtering. An unauthenticated remote attacker can perform a Blind SSRF attack to discover internal network topology based on the URL error response...
XXE
Digiwin BPM has an XML External Entity Injection (XXE) vulnerability due to insufficient validation for user input. An unauthenticated remote attacker can perform an XML injection attack to access arbitrary system files...
SQL injection
Digiwin BPM’s function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify, or delete the database or disrupt service...
CVE-2022-32458
Digiwin BPM is affected by CVE-2022-32458, an XML External Entity Injection (XXE) vulnerability caused by insufficient validation of user input. An unauthenticated remote attacker can perform XML injection to access arbitrary system files. The CVSS v3.1 base score is 7.5 (HIGH) with NETWORK attack...
CVE-2022-32457
Digiwin BPM is affected by CVE-2022-32457 due to inadequate filtering of URL parameters, enabling an unauthenticated remote attacker to perform a Blind SSRF and discover internal network topology from URL error responses. This is supported by multiple sources (NVD entry, CVE records, and related ...
CVE-2022-32457 Data Systems Consulting Co., Ltd. BPM - Blind Server-Side Request Forgery (SSRF)
Digiwin BPM has inadequate URL parameter filtering. An unauthenticated remote attacker can perform a Blind SSRF attack to discover internal network topology based on the URL error response...
CVE-2022-32456 Data Systems Consulting Co., Ltd. BPM - SQL Injection
Digiwin BPM’s function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify, or delete the database or disrupt service...
Digiwin BPM code issue vulnerability
Digiwin BPM is a business process management platform from Digiwin Software Taiwan, China. A security vulnerability exists in Digiwin BPM that stems from insufficient validation of user input, which could allow an unauthenticated, remote attacker to gain access to arbitrary system files by...
PT-2022-21332 · Digiwin · Digiwin Bpm
Name of the Vulnerable Software and Affected Versions: Digiwin BPM (affected versions not specified). Description: The issue is related to inadequate filtering for URL parameters in Digiwin BPM, allowing an unauthenticated remote attacker to perform a Blind SSRF (Server-Side Request Forgery) attack...
PT-2022-21331 · Unknown · Digiwin Bpm
Name of the Vulnerable Software and Affected Versions: Digiwin BPM (affected versions not specified). Description: The issue is related to insufficient validation for user input in a function of Digiwin BPM. This allows an unauthenticated remote attacker to inject arbitrary SQL commands, potentially...
Digiwin BPM code issue vulnerability
Digiwin BPM is a business process management platform from Taiwan, China-based Digiwin Software. A security vulnerability exists in Digiwin BPM, which stems from insufficient filtering of URL parameters, which could allow an unauthenticated, remote attacker to discover the internal networ...
PT-2022-21333 · Digiwin · Digiwin Bpm
Name of the Vulnerable Software and Affected Versions: Digiwin BPM (affected versions not specified). Description: The issue is related to an XML External Entity Injection (XXE) vulnerability due to insufficient validation for user input. An unauthenticated remote attacker can perform an XML injection...