digiwin business_process_management CVE Vulnerabilities (3)

CVEs: 3 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting digiwin business_process_management (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 13 of 3 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2022-32458 Digiwin BPM has a XML External Entity Injection (XXE) vulnerability due to insufficient validation for user input. An unauthenticated remote attacker can perform XML injection attack to access arbitrary system files. [email protected] 7.5 0.88% 2022-07-19 2026-06-17
CVE-2022-32457 Digiwin BPM has inadequate filtering for URL parameter. An unauthenticated remote attacker can perform Blind SSRF attack to discover internal network topology base on URL error response. [email protected] 5.3 0.65% 2022-07-19 2026-06-17
CVE-2022-32456 Digiwin BPM’s function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL command to access, modify, delete database or disrupt service. [email protected] 9.8 1.30% 2022-07-19 2026-06-17
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence