2 matches found
CVE-2022-32457
Digiwin BPM is affected by CVE-2022-32457 due to inadequate filtering of URL parameters, enabling an unauthenticated remote attacker to perform a Blind SSRF and discover internal network topology from URL error responses. This is supported by multiple sources (NVD entry, CVE records, and related ...
CVE-2022-32457 Data Systems Consulting Co., Ltd. BPM - Blind Server-Side Request Forgery (SSRF)
Digiwin BPM has inadequate filtering for URL parameter. An unauthenticated remote attacker can perform Blind SSRF attack to discover internal network topology base on URL error response...