Code Execution Risk in ProcessMaker Enterprise Core by ProcessMaker
CVE-2016-9045

8.8HIGH

Key Information:

Vendor: Processmaker
Status: Processmaker Enterprise
Vendor: CVE Published:; 17 September 2018

🔔 Create Processmaker Vulnerability Alert

What is CVE-2016-9045?

A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community, where specially crafted web requests may lead to unsafe deserialization. This can potentially allow an attacker to execute PHP code on the server by sending maliciously crafted web parameters, compromising security and integrity. Organizations using affected versions should take measures to mitigate this risk.

Affected Version(s)

ProcessMaker Enterprise ProcessMaker Enterprise Core 3.0.1.7-community

References

https://talosintelligence.com/vulnerability_reports/TALOS...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

CVSS V3.0

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 17, 2018
Vulnerability Reserved
Oct 26, 2016

CVE-2016-9045 Data

JSON