Inadequate URL Filtering in Digiwin BPM Allows for Blind SSRF Attack
CVE-2022-32457 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Digiwin BPM has inadequate filtering for URL parameter. An unauthenticated remote attacker can perform Blind SSRF attack to discover internal network topology base on URL error response.
Learn more about our Internal Network Penetration Testing.