Inadequate URL Filtering in Digiwin BPM Allows for Blind SSRF Attack

Inadequate URL Filtering in Digiwin BPM Allows for Blind SSRF Attack

CVE-2022-32457 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Digiwin BPM has inadequate filtering for URL parameter. An unauthenticated remote attacker can perform Blind SSRF attack to discover internal network topology base on URL error response.

Learn more about our Internal Network Penetration Testing.