Server side request forgery (ssrf)

2022-07-2002:15:00

PRIOn knowledge base

www.prio-n.com

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.1%

JSON

Digiwin BPM has inadequate filtering for URL parameter. An unauthenticated remote attacker can perform Blind SSRF attack to discover internal network topology base on URL error response.

CPENameOperatorVersion
business_process_managementlt5.8.8.1

CPE	Name	Operator	Version
	business_process_management	lt	5.8.8.1

References

www.chtsecurity.com/news/09757883-fea6-4aff-9e22-8ae8c4f8f7bb

www.twcert.org.tw/tw/cp-132-6287-20ef0-1.html