Vulnerability Description
ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators.
CVSS Score
8.8
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Processmaker | Processmaker | < 3.5.4 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/168427/ProcessMaker-Privilege-Escalation.htExploitThird Party AdvisoryVDB Entry
- http://processmaker.comProduct
- https://drive.google.com/file/d/1iP9NYUkYEy_FGMpcnTkUWn8nGcqDT02_/view?usp=shariExploitThird Party Advisory
- http://packetstormsecurity.com/files/168427/ProcessMaker-Privilege-Escalation.htExploitThird Party AdvisoryVDB Entry
- http://processmaker.comProduct
- https://drive.google.com/file/d/1iP9NYUkYEy_FGMpcnTkUWn8nGcqDT02_/view?usp=shariExploitThird Party Advisory
FAQ
What is CVE-2022-38577?
CVE-2022-38577 is a vulnerability with a CVSS score of 8.8 (HIGH). ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators.
How severe is CVE-2022-38577?
CVE-2022-38577 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-38577?
Check the references section above for vendor advisories and patch information. Affected products include: Processmaker Processmaker.