2 matches found
CVE-2020-26175
In tangro Business Workflow before 1.18.1, an attacker can manipulate the value of PERSON in requests to /api/profile in order to change profile information of other users...
CVE-2020-26175
CVE-2020-26175 affects Tangro Business Workflow prior to 1.18.1. An attacker can manipulate the value of the PERSON parameter in requests to the /api/profile endpoint to change the profile information of other users. The root cause is an authorization/validation flaw that allows parameter tamperi...