Vulnerability Description
Digiwin BPM does not adequately filter a URL parameter. An unauthenticated remote attacker can perform a Blind SSRF attack to discover the internal network topology based on URL error responses.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Digiwin | Business Process Management | < 5.8.8.1 |
Related Weaknesses (CWE)
References
- https://www.chtsecurity.com/news/09757883-fea6-4aff-9e22-8ae8c4f8f7bb (Third Party Advisory)
- https://www.twcert.org.tw/tw/cp-132-6287-20ef0-1.html (Third Party Advisory)
FAQ
What is CVE-2022-32457?
CVE-2022-32457 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Digiwin BPM does not adequately filter a URL parameter. An unauthenticated remote attacker can perform a Blind SSRF attack to discover the internal network topology based on URL error responses.
How severe is CVE-2022-32457?
CVE-2022-32457 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-32457?
Check the references section above for vendor advisories and patch information. Affected products include: Digiwin Business Process Management.