57 matches found
EUVD-2020-18797
Malware in sbrugna...
EUVD-2020-18796
Malware in sbrugna...
EUVD-2020-18798
Malware in sbrugna...
EUVD-2020-18802
Malware in sbrugna...
EUVD-2020-18803
Malware in sbrugna...
EUVD-2020-18800
Malware in sbrugna...
EUVD-2020-18801
Malware in sbrugna...
CVE-2020-26173
An incorrect access control implementation in Tangro Business Workflow before 1.18.1 allows an attacker to download documents PDF by providing a valid document ID and token. No further authentication is required...
CVE-2020-26172
Every login in tangro Business Workflow before 1.18.1 generates the same JWT token, which allows an attacker to reuse the token when a session is active. The JWT token does not contain an expiration timestamp...
CVE-2020-26175
In tangro Business Workflow before 1.18.1, an attacker can manipulate the value of PERSON in requests to /api/profile in order to change profile information of other users...
CVE-2020-26174
tangro Business Workflow before 1.18.1 requests a list of allowed filetypes from the server and restricts uploads to the filetypes contained in this list. However, this restriction is enforced in the browser client-side and can be circumvented. This allows an attacker to upload any file as an...
Tangro Business Workflow Authorization Issues Vulnerability (CNVD-2020-74066)
Tangro Business Workflow is a German Tangro company's internal control of the contents of SAP documents and the approval process for the visual drawing of the software. A vulnerability exists in Tangro Business Workflow prior to version 1.18.1 due to an authorization issue, which stems from the...
Tangro Business Workflow Code Issue Vulnerability
Tangro Business Workflow is a German Tangro company's internal control of the contents of SAP documents and the approval process for the visual drawing of the software. A code issue vulnerability exists in tangro Business Workflow versions prior to 1.18.1, which stems from requesting a list of...
Tangro Business Workflow Authorization Issues Vulnerability (CNVD-2020-74068)
Tangro Business Workflow is a German Tangro company's internal control of the contents of SAP documents and the approval process for the visual drawing of the software. A vulnerability exists in Tangro Business Workflow prior to version 1.18.1 due to an authorization issue, which stems from a...
Tangro Business Workflow Access Control Error Vulnerability
Tangro Business Workflow is a German Tangro company's internal control of the contents of SAP documents and the approval process for the visual drawing of the software. An access control error vulnerability exists in Tangro Business Workflow versions prior to 1.18.1, which stems from the fact tha...
Tangro Business Workflow Authorization Issues Vulnerability
Tangro Business Workflow is a German Tangro company's internal control of the contents of SAP documents and the approval process for the visual drawing of the software. A security vulnerability exists in Tangro Business Workflow versions prior to 1.18.1, which stems from a failure of a proper...
Tangro Business Workflow Authorization Issues Vulnerability (CNVD-2020-74071)
Tangro Business Workflow is a German Tangro company's internal control of the contents of SAP documents and the approval process for the visual drawing of the software. A security vulnerability exists in Tangro Business Workflow versions prior to 1.18.1, which can be exploited by an attacker to...
CVE-2020-26176
An issue was discovered in tangro Business Workflow before 1.18.1. No or broken access control checks exist on the /api/document//attachments API endpoint. Knowing a document ID, an attacker can list all the attachments of a workitem, including their respective IDs. This allows the attacker to...
CVE-2020-26175
In tangro Business Workflow before 1.18.1, an attacker can manipulate the value of PERSON in requests to /api/profile in order to change profile information of other users...
CVE-2020-26178
In tangro Business Workflow before 1.18.1, knowing an attachment ID, it is possible to download workitem attachments without being authenticated...