Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An incorrect access control implementation in Tangro Business Workflow before 1.18.1 allows an attacker to download documents (PDF) by providing a valid document ID and token. No further authentication is required.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
N/A
Vulnerability Title
Tangro Business Workflow 授权问题漏洞
Vulnerability Description
Tangro Business Workflow是德国Tangro公司的一款可将SAP文档内容的内部控制以及批准流程进行可视化绘制的软件。 Tangro Business Workflow 1.18.1之前版本存在授权问题漏洞,该漏洞源于一个不正确的访问控制实现,允许攻击者可利用该漏洞通过提供有效的文档ID和令牌下载文档(PDF)。不需要进一步的身份验证。
CVSS Information
N/A
Vulnerability Type
N/A