| |
Vulnerability CVE-2023-25780
Published: 2023-06-02
| Description: |
It is identified a vulnerability of insufficient authentication in an important specific function of Status PowerBPM. A LAN attacker with normal user privilege can exploit this vulnerability to modify substitute agent to arbitrary users, resulting in serious consequence. |
Type:
CWE-306 (Missing Authentication for Critical Function)
References: |
https://www.twcert.org.tw/tw/cp-132-7152-d7f5b-1.html
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
