RSS   Vulnerabilities for 'Bonita bpm portal'   RSS

2018-02-28
 
CVE-2015-3898

CWE-601
 
 
Multiple open redirect vulnerabilities in Bonita BPM Portal before 6.5.3 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirectUrl parameter to (1) bonita/login.jsp or (2) bonita/loginservice.

 
2015-06-18
 
CVE-2015-3897

CWE-22
 
 
Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource.

 

 >>> Vendor: Bonitasoft 2 Products
Bonita bpm portal
Bonita web

Copyright 2024, cxsecurity.com

 

Back to Top