Vulnerabilities > Digiwin

DATE CVE VULNERABILITY TITLE RISK
2024-08-02 CVE-2024-7323 Path Traversal vulnerability in Digiwin Easyflow .Net
Digiwin EasyFlow .NET lacks proper access control for specific functionality, and the functionality do not adequately filter user input.
network
low complexity
digiwin CWE-22
6.5
2022-07-20 CVE-2022-32456 SQL Injection vulnerability in Digiwin Business Process Management 5.8.6.1
Digiwin BPM’s function has insufficient validation for user input.
network
low complexity
digiwin CWE-89
critical
9.8
2022-07-20 CVE-2022-32457 Server-Side Request Forgery (SSRF) vulnerability in Digiwin Business Process Management 5.8.6.1
Digiwin BPM has inadequate filtering for URL parameter.
network
low complexity
digiwin CWE-918
5.3
2022-07-20 CVE-2022-32458 XXE vulnerability in Digiwin Business Process Management 5.8.6.1
Digiwin BPM has a XML External Entity Injection (XXE) vulnerability due to insufficient validation for user input.
network
low complexity
digiwin CWE-611
7.5