CVE-2022-32458

Summary

Digiwin BPM has a XML External Entity Injection (XXE) vulnerability due to insufficient validation for user input. An unauthenticated remote attacker can perform XML injection attack to access arbitrary system files.

Affected Software

VendorProductVersion RangeStatus
Data Systems Consulting Co., Ltd.BPMunspecified <= 5.8.6.1affected

Weaknesses

  • CWE-611: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

ADP Enrichment

CVE Program Container

Additional References

References