Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

FLOWRING Security Vulnerabilities

cve
cve

CVE-2022-39038

Agentflow BPM enterprise management system has improper authentication. A remote attacker with general user privilege can change the name of the user account to acquire arbitrary account privilege, and access, manipulate system or disrupt...

8.8CVSS

8.6AI Score

0.002EPSS

2022-11-10 03:15 PM
27
7
cve
cve

CVE-2022-39036

The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary file and execute arbitrary code to manipulate system or disrupt...

9.8CVSS

9.7AI Score

0.005EPSS

2022-11-10 03:15 PM
26
4
cve
cve

CVE-2022-39037

Agentflow BPM file download function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system...

7.5CVSS

7.8AI Score

0.002EPSS

2022-11-10 03:15 PM
29
4