go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

NewType FlowMaster BPM Plus - Privilege Escalation

TVN ID TVN-202410007
CVE ID CVE-2024-9970
CVSS 8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products FlowMaster BPM Plus Service Pack before version v5.3.1.
Description The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Remote attackers with regular privileges can elevate their privileges to administrator by tampering with a specific cookie.
Solution Update Service Pack to version v5.3.1 or later.
Credit RedTeam HCC
Public Date 2024-10-15
Top