CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Bonitasoft: >> Bonita Web Security Vulnerabilities

CVE-2022-25237

Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter. By appending ;i18ntranslation or /../i18ntranslation/ to the end of a URL, users with no privileges can access privileged API endpoints. This can lead to remote code execution by abusing the privileged API actions.

CVSS Score

9.8

EPSS Score

0.794

Published

2022-06-02

Page 1

Vulnerabilities

Vulnerable Software

Bonitasoft: >> Bonita Web Security Vulnerabilities

Products

Pricing

Contact Us