Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bonitasoft vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2020-36640
A vulnerability, which was classified as problematic, was found in bonitasoft bonita-connector-webservice up to 1.3.0. This affects the function TransformerConfigurationException of the file src/main/java/org/bonitasoft/connectors/ws/SecureWSConnector.java. The manipulation leads...
Bonitasoft Webservice Connector
5
CVSSv2
CVE-2015-3897
Directory traversal vulnerability in Bonita BPM Portal prior to 6.5.3 allows remote malicious users to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource.
Bonitasoft Bonita Bpm Portal
1 EDB exploit
7.5
CVSSv2
CVE-2022-25237
Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter. By appending ;i18ntranslation or /../i18ntranslation/ to the end of a URL, users with no privileges can access privi...
Bonitasoft Bonita Web 2021.2
5.8
CVSSv2
CVE-2015-3898
Multiple open redirect vulnerabilities in Bonita BPM Portal prior to 6.5.3 allow remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirectUrl parameter to (1) bonita/login.jsp or (2) bonita/loginservice.
Bonitasoft Bonita Bpm Portal
1 EDB exploit
NA
CVE-2024-26542
Cross Site Scripting vulnerability in Bonitasoft, S.A v.7.14. and fixed in v.9.0.2, 8.0.3, 7.15.7, 7.14.8 allows malicious users to execute arbitrary code via a crafted payload to the Groups Display name field.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcoded
arbitrary code
CVE-2024-2404
CVE-2024-21111
CVE-2024-28627
CVE-2024-4073
information disclosure
CVE-2024-32780
CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started