Digiwin BPM has a XML External Entity Injection (XXE) vulnerability due to insufficient validation for user input. An unauthenticated remote attacker can perform XML injection attack to access arbitrary system files.
CPE | Name | Operator | Version |
---|---|---|---|
business_process_management | lt | 5.8.8.1 |