exploitDog

CVE-2022-32458

Опубликовано: 20 июл. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Digiwin BPM has a XML External Entity Injection (XXE) vulnerability due to insufficient validation for user input. An unauthenticated remote attacker can perform XML injection attack to access arbitrary system files.

Ссылки

https://www.chtsecurity.com/news/09757883-fea6-4aff-9e22-8ae8c4f8f7bb
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-6288-49e01-1.html
Third Party Advisory
https://www.chtsecurity.com/news/09757883-fea6-4aff-9e22-8ae8c4f8f7bb
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-6288-49e01-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:digiwin:business_process_management:*:*:*:*:*:*:*:*

Версия до 5.8.8.1 (исключая)

EPSS

Процентиль: 77%

0.01071

Низкий

7.5 High

CVSS3

Дефекты

CWE-611

CWE-611

Связанные уязвимости

GHSA-g939-v35m-p2v6

CVSS3: 7.5

github

больше 3 лет назад

Digiwin BPM has a XML External Entity Injection (XXE) vulnerability due to insufficient validation for user input. An unauthenticated remote attacker can perform XML injection attack to access arbitrary system files.

EPSS

Процентиль: 77%

0.01071

Низкий

7.5 High

CVSS3

Дефекты

CWE-611

CWE-611