Filtered by vendor Bonitasoft Subscriptions
Total 4 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-25237 1 Bonitasoft 1 Bonita Web 2024-11-21 9.8 Critical
Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter. By appending ;i18ntranslation or /../i18ntranslation/ to the end of a URL, users with no privileges can access privileged API endpoints. This can lead to remote code execution by abusing the privileged API actions.
CVE-2020-36640 1 Bonitasoft 1 Webservice Connector 2024-11-21 5.5 Medium
A vulnerability, which was classified as problematic, was found in bonitasoft bonita-connector-webservice up to 1.3.0. This affects the function TransformerConfigurationException of the file src/main/java/org/bonitasoft/connectors/ws/SecureWSConnector.java. The manipulation leads to xml external entity reference. Upgrading to version 1.3.1 is able to address this issue. The patch is named a12ad691c05af19e9061d7949b6b828ce48815d5. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217443.
CVE-2015-3898 1 Bonitasoft 1 Bonita Bpm Portal 2024-11-21 N/A
Multiple open redirect vulnerabilities in Bonita BPM Portal before 6.5.3 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirectUrl parameter to (1) bonita/login.jsp or (2) bonita/loginservice.
CVE-2015-3897 1 Bonitasoft 1 Bonita Bpm Portal 2024-11-21 N/A
Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource.