Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-39038

Agentflow BPM enterprise management system has improper authentication. A remote attacker with general user privilege can change the name of the user account to acquire arbitrary account privilege, and access, manipulate system or disrupt service.

Published

2022-11-10T15:15:14.647

Last Modified

2024-11-21T07:17:25.600

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Secondary
CWE-287
Type: Primary
CWE-287

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	flowring	agentflow	4.0.0.1183.552	Yes

References

https://www.flowring.com/2022/09/19/%e7%94%a2%e5%93%81%e6%9b%b4%e6%96%b0agentflow-v4-0%e3%80%81v3-7%e5%a4%be%e6%aa%94%e5%8a%9f%e8%83%bd%e8%b3%87%e5%ae%89%e4%bf%ae%e6%ad%a3/ Vendor Advisory ([email protected])
https://www.twcert.org.tw/tw/cp-132-6684-53149-1.html Third Party Advisory ([email protected])
https://www.flowring.com/2022/09/19/%e7%94%a2%e5%93%81%e6%9b%b4%e6%96%b0agentflow-v4-0%e3%80%81v3-7%e5%a4%be%e6%aa%94%e5%8a%9f%e8%83%bd%e8%b3%87%e5%ae%89%e4%bf%ae%e6%ad%a3/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.twcert.org.tw/tw/cp-132-6684-53149-1.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)