It is identified a vulnerability of insufficient authentication in an important specific function of Status PowerBPM. A LAN attacker with normal user privilege can exploit this vulnerability to modify substitute agent to arbitrary users, resulting in serious consequence.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/tw/cp-132-7152-d7f5b-1.html | Third Party Advisory |
https://www.twcert.org.tw/tw/cp-132-7152-d7f5b-1.html | Third Party Advisory |
Configurations
History
21 Nov 2024, 07:50
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.twcert.org.tw/tw/cp-132-7152-d7f5b-1.html - Third Party Advisory |
09 Jun 2023, 18:10
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.twcert.org.tw/tw/cp-132-7152-d7f5b-1.html - Third Party Advisory | |
CPE | cpe:2.3:a:status:powerbpm:2.0:*:*:*:*:*:*:* | |
First Time |
Status powerbpm
Status |
02 Jun 2023, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-02 11:15
Updated : 2024-11-21 07:50
NVD link : CVE-2023-25780
Mitre link : CVE-2023-25780
CVE.ORG link : CVE-2023-25780
JSON object : View
Products Affected
status
- powerbpm
CWE
CWE-306
Missing Authentication for Critical Function