← back
CVE-2022-32456

Data Systems Consulting Co., Ltd. BPM - SQL Injection

CVSS 9.8 CRITICALEPSS 1.3%CWE-89
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8EPSS 1.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
20 Jul 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Digiwin BPM’s function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL command to access, modify, delete database or disrupt service.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Data Systems Consulting Co., Ltd. · BPM

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.chtsecurity.com/news/09757883-fea6-4aff-9e22-8ae8c4f8f7bbhttps://www.twcert.org.tw/tw/cp-132-6286-3030a-1.html