CVE-2022-32457

Name of the Vulnerable Software and Affected Versions Digiwin BPM (affected versions not specified)

Description The issue is related to inadequate filtering for URL parameters in Digiwin BPM, allowing an unauthenticated remote attacker to perform a Blind SSRF (Server-Side Request Forgery) attack. This attack can be used to discover the internal network topology based on URL error responses.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.