Improper Authentication in Agentflow BPM Enterprise Management System Allows Arbitrary Account Privilege Escalation
CVE-2022-39038 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Agentflow BPM enterprise management system has an improper authentication vulnerability. A remote attacker with general user privileges can change the name of the user account to acquire the privileges of an arbitrary account, and then access or manipulate the system or disrupt service.