manager-workflow is vulnerable to Insecure Direct Object References (IDOR). The vulnerability exists due to improper authentication mechanism used in ProcessServiceImpl.java
when operating a workflow, which allows an attacker to access files or directories and cancel an application that doesn’t belongs to them.