CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-32457

Digiwin BPM has inadequate filtering for URL parameter. An unauthenticated remote attacker can perform Blind SSRF attack to discover internal network topology base on URL error response.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 67.1%

CVSS Severity

CVSS v3 Score 5.3

References

https://www.chtsecurity.com/news/09757883-fea6-4aff-9e22-8ae8c4f8f7bb
https://www.twcert.org.tw/tw/cp-132-6287-20ef0-1.html
https://www.chtsecurity.com/news/09757883-fea6-4aff-9e22-8ae8c4f8f7bb
https://www.twcert.org.tw/tw/cp-132-6287-20ef0-1.html

Products affected by CVE-2022-32457

Digiwin » Business Process Management » Version: N/A

cpe:2.3:a:digiwin:business_process_management:-
Digiwin » Business Process Management » Version: 5.8.6.1

cpe:2.3:a:digiwin:business_process_management:5.8.6.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-32457

Products

Pricing

Contact Us