CVE-2020-26173

Name of the Vulnerable Software and Affected Versions Tangro Business Workflow versions prior to 1.18.1

Description The issue is related to an incorrect access control implementation, allowing an attacker to download documents, specifically PDFs, by providing a valid document ID and token without requiring further authentication.

Recommendations For versions prior to 1.18.1, update to version 1.18.1 or later to resolve the issue. As a temporary workaround, consider restricting access to document downloads by validating user authentication in addition to the document ID and token.