HIGH🇵🇱 Wersja polska

CVE-2022-39038

CVSS 8.8v3.1pub. 2022-11-10upd. 2024-11-21

Agentflow BPM enterprise management system has improper authentication. A remote attacker with general user privilege can change the name of the user account to acquire arbitrary account privilege, and access, manipulate system or disrupt service.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Flowring Agentflow

    APP
    Flowring
    4.0.0.1183.552
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2026-2095CRITICAL9.3PL ✓ten sam produkt

Pomijanie uwierzytelnienia w Flowring Agentflow — przejęcie tokenu dowolnego użytkownika

CVE-2026-2096CRITICAL9.3PL ✓ten sam produkt

Flowring Agentflow — brak uwierzytelnienia umożliwia manipulację bazą danych

CVE-2025-3709CRITICAL9.8PL ✓ten sam produkt

Flowring Agentflow — pominięcie blokady konta umożliwia atak brute force

CVE-2022-39036CRITICAL9.8ten sam produkt

The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. An unauth...

CVE-2026-2097HIGH8.7ten sam produkt

Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote atta...