Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
FLOWRING Agentflow BPM - Broken Access Control
Vulnerability Description
Agentflow BPM enterprise management system has improper authentication. A remote attacker with general user privilege can change the name of the user account to acquire arbitrary account privilege, and access, manipulate system or disrupt service.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
认证机制不恰当
Vulnerability Title
Flowring Technology Agentflow BPM 授权问题漏洞
Vulnerability Description
Flowring Technology Agentflow BPM是中国华苓科技(Flowring Technology)公司的一个企业流程管理系统。 Flowring Technology Agentflow BPM 存在授权问题漏洞,该漏洞源于其企业管理系统鉴权不当导致具有普通用户权限的远程攻击者可以通过修改用户帐户名获得任意帐户权限从而对系统进行访问、操作或中断服务。
CVSS Information
N/A
Vulnerability Type
N/A