3 matches found
CVE-2022-32458
creationtimestamp| type| source ---|---|--- 2022-07-20 07:41:30+00:00| seen| https://t.me/cibsecurity/46628...
CVE-2022-32458
Digiwin BPM is affected by CVE-2022-32458, a XML External Entity Injection (XXE) vulnerability caused by insufficient validation of user input. An unauthenticated remote attacker can perform XML injection to access arbitrary system files. The CVSS v3.1 base score is 7.5 (HIGH) with NETWORK attack...
CVE-2022-32458 Data Systems Consulting Co., Ltd. BPM - XML External Entity (XXE) Injection
Digiwin BPM has a XML External Entity Injection XXE vulnerability due to insufficient validation for user input. An unauthenticated remote attacker can perform XML injection attack to access arbitrary system files...