Vulnerabilities > CVE-2020-26173 - Authorization Bypass Through User-Controlled Key vulnerability in Tangro Business Workflow 1.17.5

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

tangro

CWE-639

NVD

Published: 2020-12-18

Updated: 2021-07-21

Summary

An incorrect access control implementation in Tangro Business Workflow before 1.18.1 allows an attacker to download documents (PDF) by providing a valid document ID and token. No further authentication is required.

Vulnerable Configurations

Part	Description	Count
Application	Tangro Tangro Business Workflow 1.17.5	1

Common Weakness Enumeration (CWE)

CWE-639 - Authorization Bypass Through User-Controlled Key

References

https://www.tangro.de/
https://blog.to.com/advisory-tangro-bwf-1-17-5-multiple-vulnerabilities/