Agentflow BPM enterprise management system has improper authentication. A remote attacker with general user privilege can change the name of the user account to acquire arbitrary account privilege, and access, manipulate system or disrupt service.
References
Configurations
History
21 Nov 2024, 07:17
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.flowring.com/2022/09/19/%e7%94%a2%e5%93%81%e6%9b%b4%e6%96%b0agentflow-v4-0%e3%80%81v3-7%e5%a4%be%e6%aa%94%e5%8a%9f%e8%83%bd%e8%b3%87%e5%ae%89%e4%bf%ae%e6%ad%a3/ - Vendor Advisory | |
References | () https://www.twcert.org.tw/tw/cp-132-6684-53149-1.html - Third Party Advisory |
Information
Published : 2022-11-10 15:15
Updated : 2024-11-21 07:17
NVD link : CVE-2022-39038
Mitre link : CVE-2022-39038
CVE.ORG link : CVE-2022-39038
JSON object : View
Products Affected
flowring
- agentflow
CWE
CWE-287
Improper Authentication