ByteOS Network

NVD Vulnerability Details :

CVE-2022-39036

Analyzed

Source-twcert@cert.org.tw

Published At-10 Nov, 2022 | 15:15

Updated At-15 Nov, 2022 | 17:18

The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary file and execute arbitrary code to manipulate system or disrupt service.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CPE Matches

flowring>>agentflow>>4.0.0.1183.552

cpe:2.3:a:flowring:agentflow:4.0.0.1183.552:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-434	Primary	nvd@nist.gov
CWE-434	Secondary	twcert@cert.org.tw

References

Hyperlink	Source	Resource
https://www.flowring.com/2022/09/19/%e7%94%a2%e5%93%81%e6%9b%b4%e6%96%b0agentflow-v4-0%e3%80%81v3-7%e5%a4%be%e6%aa%94%e5%8a%9f%e8%83%bd%e8%b3%87%e5%ae%89%e4%bf%ae%e6%ad%a3/	twcert@cert.org.tw	Vendor Advisory
https://www.twcert.org.tw/tw/cp-132-6682-21207-1.html	twcert@cert.org.tw	Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History