CVE-2022-32458
published 2022-07-20

Priority: P351
Severity: high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.91% (55.6th percentile)
Digiwin BPM has an XML External Entity Injection (XXE) vulnerability due to insufficient validation of user input. An unauthenticated remote attacker can perform an XML injection attack to access arbitrary system files.

Affected

2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| data_systems_consulting_co_ltd | bpm | unspecified – 5.8.6.1 | |
| digiwin | business_process_management | < 5.8.8.1 | 5.8.8.1 |