Vulnerabilities > CVE-2022-32457 - Server-Side Request Forgery (SSRF) vulnerability in Digiwin Business Process Management 5.8.6.1

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

digiwin

CWE-918

NVD

Published: 2022-07-20

Updated: 2022-09-14

Summary

Digiwin BPM has inadequate filtering for URL parameter. An unauthenticated remote attacker can perform Blind SSRF attack to discover internal network topology base on URL error response.

Vulnerable Configurations

Part	Description	Count
Application	Digiwin Digiwin Business Process Management - Digiwin Business Process Management 5.8.6.1	2

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://www.twcert.org.tw/tw/cp-132-6287-20ef0-1.html
https://www.chtsecurity.com/news/09757883-fea6-4aff-9e22-8ae8c4f8f7bb