2 matches found
CVE-2022-32458 Data Systems Consulting Co., Ltd. BPM - XML External Entity (XXE) Injection
Digiwin BPM has a XML External Entity Injection XXE vulnerability due to insufficient validation for user input. An unauthenticated remote attacker can perform XML injection attack to access arbitrary system files...
CVE-2022-32456 Data Systems Consulting Co., Ltd. BPM - SQL Injection
Digiwin BPM’s function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL command to access, modify, delete database or disrupt service...