Description
Digiwin EasyFlow .NET lacks proper access control for specific functionality, and that functionality does not adequately filter user input. A remote attacker with regular privileges can exploit this vulnerability to download arbitrary files from the remote server.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: None
- Availability: None
Affected products
- Digiwin / EasyFlow .NET 5.* – 5.*
- Digiwin / EasyFlow .NET 6.1.* – 6.1.*
- Digiwin / EasyFlow .NET 6.6.* – 6.6.*