E4

**Name of the Vulnerable Software and Affected Versions** Status PowerBPM (affected versions not specified) **Description** The issue is related to insufficient authentication in a specific function of Status PowerBPM. A LAN attacker with normal user privileges can exploit this to modify the substitute agent for arbitrary users, resulting in serious consequences. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.