Vulnerabilities > Digiwin
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-02 | CVE-2024-7323 | Path Traversal vulnerability in Digiwin Easyflow .Net Digiwin EasyFlow .NET lacks proper access control for specific functionality, and the functionality do not adequately filter user input. | 6.5 |
2022-07-20 | CVE-2022-32456 | SQL Injection vulnerability in Digiwin Business Process Management 5.8.6.1 Digiwin BPM’s function has insufficient validation for user input. | 9.8 |
2022-07-20 | CVE-2022-32457 | Server-Side Request Forgery (SSRF) vulnerability in Digiwin Business Process Management 5.8.6.1 Digiwin BPM has inadequate filtering for URL parameter. | 5.3 |
2022-07-20 | CVE-2022-32458 | XXE vulnerability in Digiwin Business Process Management 5.8.6.1 Digiwin BPM has a XML External Entity Injection (XXE) vulnerability due to insufficient validation for user input. | 7.5 |