3 matches found
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the scripting engine. An attacker with the admin role ROLEADMIN can execute arbitrary code and access sensitive data by creating or modifying and executing process definitions with administrative privileges...
Timing Attack
Overview Affected versions of this package are vulnerable to Timing Attack due to differences in response times for existing and non-existing users in the password reset functionality. An attacker can determine the existence of usernames by observing the time it takes for the server to respond...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the Reporting API. An attacker can gain unauthorized access to sensitive report data by exploiting the flawed HTTP Basic Authentication implementation. Note: This is only exploitable if the API is enabled and...