CVE-2020-26175
CVE-2020-26175 affects Tangro Business Workflow prior to 1.18.1. An attacker can manipulate the value of the PERSON parameter in requests to the /api/profile endpoint to change the profile information of other users. The root cause is an authorization/validation flaw that allows parameter tamperi...