FLOWRING Agentflow BPM - Broken Access Control
CVE-2022-39038

8.8HIGH

Key Information:

Vendor: Flowring
Status: Agentflow Bpm
Vendor: CVE Published:; 10 November 2022

What is CVE-2022-39038?

Agentflow BPM enterprise management system has improper authentication. A remote attacker with general user privilege can change the name of the user account to acquire arbitrary account privilege, and access, manipulate system or disrupt service.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Agentflow BPM 4.0.0.1183.552

References

https://www.flowring.com/2022/09/19/%e7%94%a2%e5%93%81%e6...

https://www.twcert.org.tw/tw/cp-132-6684-53149-1.html

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 10, 2022
Vulnerability Reserved
Aug 30, 2022

JSON

Flowring

What is CVE-2022-39038?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.