go to Content

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center


Status Internet Co. Ltd PowerBPM - Broken Access Control

TVN ID TVN-202305001
CVE ID CVE-2023-25780
CVSS 5.7 (Medium)
Affected Products Status Internet Co.,Ltd. PowerBPM v2.0
Description It is identified a vulnerability of insufficient authentication in an important specific function of Status PowerBPM. A LAN attacker with normal user privilege can exploit this vulnerability to modify substitute agent to arbitrary users, resulting in serious consequence.
Solution Contact Status Internet Co. Ltd
Credit E4
Public Date 2023-06-16