CVE-2022-32457

Summary

Digiwin BPM has inadequate filtering for URL parameter. An unauthenticated remote attacker can perform Blind SSRF attack to discover internal network topology base on URL error response.

Affected Software

VendorProductVersion RangeStatus
Data Systems Consulting Co., Ltd.BPMunspecified <= 5.8.6.1affected

Weaknesses

  • CWE-918: CWE-918 Server-Side Request Forgery (SSRF)

ADP Enrichment

CVE Program Container

Additional References

References