GCVE - cpe:2.3:a:digiwin:business_process

Approved changes feed: RSS · Atom

cpe:2.3:a:digiwin:business_process_management:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Digiwin (`18dbde5d-3a25-581d-bda3-d32fc7ff848a`)
Product	Business Process Management (`925f0449-ae2e-567e-a4ee-e8f058303864`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-32458`	vulnerable	2026-06-08 05:44:43.362359	Data Systems Consulting Co., Ltd. BPM - XML External Entity (XXE) Injection HIGH (7.5) Digiwin BPM has a XML External Entity Injection (XXE) vulnerability due to insufficient validation for user input. An unauthenticated remote attacker can perform XML injection attack to access arbitrary system files. Published: 2022-07-20T02:01:30.078Z Updated: 2024-09-16T18:39:22.085Z Open on db.gcve.eu Reference links https://www.twcert.org.tw/tw/cp-132-6288-49e01-1.html https://www.chtsecurity.com/news/09757883-fea6-4aff-9e22-8ae8c4f8f7bb	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-32457`	vulnerable	2026-06-08 05:44:43.362016	Data Systems Consulting Co., Ltd. BPM - Blind Server-Side Request Forgery (SSRF) MEDIUM (5.3) Digiwin BPM has inadequate filtering for URL parameter. An unauthenticated remote attacker can perform Blind SSRF attack to discover internal network topology base on URL error response. Published: 2022-07-20T02:01:03.596Z Updated: 2024-09-16T22:35:56.260Z Open on db.gcve.eu Reference links https://www.twcert.org.tw/tw/cp-132-6287-20ef0-1.html https://www.chtsecurity.com/news/09757883-fea6-4aff-9e22-8ae8c4f8f7bb	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-32456`	vulnerable	2026-06-08 05:44:43.361570	Data Systems Consulting Co., Ltd. BPM - SQL Injection CRITICAL (9.8) Digiwin BPM’s function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL command to access, modify, delete database or disrupt service. Published: 2022-07-20T02:00:37.816Z Updated: 2024-09-16T16:18:57.887Z Open on db.gcve.eu Reference links https://www.twcert.org.tw/tw/cp-132-6286-3030a-1.html https://www.chtsecurity.com/news/09757883-fea6-4aff-9e22-8ae8c4f8f7bb	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Business Process Management

PURL mappings

Vulnerability references

Contribute