CVE-2023-25780

MEDIUM 5.7

Status Internet Co.,Ltd. PowerBPM - Broken Access Control

CVSS Score

5.7

EPSS Score

0.0%

EPSS Percentile

0th

It is identified a vulnerability of insufficient authentication in an important specific function of Status PowerBPM. A LAN attacker with normal user privilege can exploit this vulnerability to modify substitute agent to arbitrary users, resulting in serious consequence.

CWE	CWE-306
Vendor	status internet co.,ltd.
Product	powerbpm
Published	Jun 2, 2023
Last Updated	Jan 8, 2025

Stay Ahead of the Next One

Get instant alerts for status internet co.,ltd. powerbpm

Be the first to know when new medium vulnerabilities affecting status internet co.,ltd. powerbpm are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Affected Versions

Status Internet Co.,Ltd. / PowerBPM

2.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

twcert.org.tw: https://www.twcert.org.tw/tw/cp-132-7152-d7f5b-1.html

CVE-2023-25780

Status Internet Co.,Ltd. PowerBPM - Broken Access Control

Get instant alerts for status internet co.,ltd. powerbpm

CVSS v3 Breakdown

Affected Versions

References

Credits