CVE-2023-37287

SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access system with regular user privilege to read application data, and execute submission and approval processes.
References
Link Resource
https://www.twcert.org.tw/tw/cp-132-7222-cdfd0-1.html Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:smartsoft:smartbpm.net:6.70:*:*:*:*:*:*:*

History

13 Jul 2023, 18:59

Type Values Removed Values Added
References (CONFIRM) https://www.twcert.org.tw/tw/cp-132-7222-cdfd0-1.html - (CONFIRM) https://www.twcert.org.tw/tw/cp-132-7222-cdfd0-1.html - Third Party Advisory
First Time Smartsoft
Smartsoft smartbpm.net
CPE cpe:2.3:a:smartsoft:smartbpm.net:6.70:*:*:*:*:*:*:*

10 Jul 2023, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-10 02:15

Updated : 2024-02-28 20:13


NVD link : CVE-2023-37287

Mitre link : CVE-2023-37287

CVE.ORG link : CVE-2023-37287


JSON object : View

Products Affected

smartsoft

  • smartbpm.net
CWE
CWE-798

Use of Hard-coded Credentials