Bonitasoft Bonita Bpm Portal vulnerabilities
2 known vulnerabilities affecting bonitasoft/bonita_bpm_portal.
Total CVEs
2
CISA KEV
0
Public exploits
2
Exploited in wild
1
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2015-3897P2MEDIUMCVSS 5.0ExploitedPoC≤ 6.5.22015-06-18
CVE-2015-3897 [MEDIUM] CWE-22 CVE-2015-3897: Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 allows remote attackers to read
Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource.
nvd
CVE-2015-3898P4MEDIUMCVSS 6.1PoCfixed in 6.5.32018-02-28
CVE-2015-3898 [MEDIUM] CWE-601 CVE-2015-3898: Multiple open redirect vulnerabilities in Bonita BPM Portal before 6.5.3 allow remote attackers to r
Multiple open redirect vulnerabilities in Bonita BPM Portal before 6.5.3 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirectUrl parameter to (1) bonita/login.jsp or (2) bonita/loginservice.
nvd