Vulnerability Details CVE-2023-37286
SmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code and disrupt service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.026
EPSS Ranking 85.0%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2023-37286
-
cpe:2.3:a:smartsoft:smartbpm.net:6.70