Improper Authentication in Agentflow BPM Enterprise Management System Allows Arbitrary Account Privilege Escalation

CVE-2022-39038 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

The Agentflow BPM enterprise management system has an improper authentication vulnerability. A remote attacker with general user privileges can change the name of the user account to acquire arbitrary account privileges, and then access or manipulate the system or disrupt service.