EUVD-2020-18796
Malware in sbrugna...
EUVD-2020-18800
Malware in sbrugna...
EUVD-2020-18803
Malware in sbrugna...
EUVD-2020-18802
Malware in sbrugna...
EUVD-2020-18798
Malware in sbrugna...
EUVD-2020-18797
Malware in sbrugna...
EUVD-2020-18801
Malware in sbrugna...
CVE-2020-26173
An incorrect access control implementation in Tangro Business Workflow before 1.18.1 allows an attacker to download documents (PDF) by providing a valid document ID and token. No further authentication is required...
CVE-2020-26172
Every login in tangro Business Workflow before 1.18.1 generates the same JWT token, which allows an attacker to reuse the token when a session is active. The JWT token does not contain an expiration timestamp...
CVE-2020-26175
In tangro Business Workflow before 1.18.1, an attacker can manipulate the value of PERSON in requests to /api/profile in order to change profile information of other users...
CVE-2020-26174
tangro Business Workflow before 1.18.1 requests a list of allowed filetypes from the server and restricts uploads to the filetypes contained in this list. However, this restriction is enforced in the browser (client-side) and can be circumvented. This allows an attacker to upload any file as an...
Tangro Business Workflow Authorization Issues Vulnerability (CNVD-2020-74068)
Tangro Business Workflow is software from the German company Tangro for internal control of SAP document contents and for visually drawing the approval process. A vulnerability exists in Tangro Business Workflow prior to version 1.18.1 due to an authorization issue, which stems from a...
Tangro Business Workflow Access Control Error Vulnerability
Tangro Business Workflow is software from the German company Tangro for internal control of SAP document contents and for visually drawing the approval process. An access control error vulnerability exists in Tangro Business Workflow versions prior to 1.18.1, which stems from the fact tha...
Tangro Business Workflow Code Issue Vulnerability
Tangro Business Workflow is software from the German company Tangro for internal control of SAP document contents and for visually drawing the approval process. A code issue vulnerability exists in tangro Business Workflow versions prior to 1.18.1, which stems from requesting a list of...
Tangro Business Workflow Authorization Issues Vulnerability (CNVD-2020-74066)
Tangro Business Workflow is software from the German company Tangro for internal control of SAP document contents and for visually drawing the approval process. A vulnerability exists in Tangro Business Workflow prior to version 1.18.1 due to an authorization issue, which stems from the...
Tangro Business Workflow Authorization Issues Vulnerability
Tangro Business Workflow is software from the German company Tangro for internal control of SAP document contents and for visually drawing the approval process. A security vulnerability exists in Tangro Business Workflow versions prior to 1.18.1, which stems from a failure of a proper...
Tangro Business Workflow Authorization Issues Vulnerability (CNVD-2020-74071)
Tangro Business Workflow is software from the German company Tangro for internal control of SAP document contents and for visually drawing the approval process. A security vulnerability exists in Tangro Business Workflow versions prior to 1.18.1, which can be exploited by an attacker to...
CVE-2020-26177
In tangro Business Workflow before 1.18.1, a user's profile contains some items that are greyed out and thus are not intended to be edited by regular users. However, this restriction is only applied client-side. Manipulating any of the greyed-out values in requests to /api/profile is not prohibit...
CVE-2020-26178
In tangro Business Workflow before 1.18.1, knowing an attachment ID, it is possible to download workitem attachments without being authenticated...