Samrtsoft Smartbpm.Net vulnerabilities
2 known vulnerabilities affecting samrtsoft/smartbpm.net.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2
Vulnerabilities
Page 1 of 1
CVE-2023-37286P2CRITICALCVSS 9.8v6.702023-07-10
CVE-2023-37286 [CRITICAL] CWE-798 CVE-2023-37286: SmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine key. An unauthenticated remot
SmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code and disrupt service.
nvd
CVE-2023-37287P2CRITICALCVSS 9.1v6.702023-07-10
CVE-2023-37287 [CRITICAL] CWE-798 CVE-2023-37287: SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated remote a
SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access system with regular user privilege to read application data, and execute submission and approval processes.
nvd