Vulnerability Details CVE-2022-32458
Digiwin BPM has a XML External Entity Injection (XXE) vulnerability due to insufficient validation for user input. An unauthenticated remote attacker can perform XML injection attack to access arbitrary system files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 79.2%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2022-32458
-
cpe:2.3:a:digiwin:business_process_management:-
-
cpe:2.3:a:digiwin:business_process_management:5.8.6.1