CVE-2015-3898

Published: 28/02/2018 | Updated: 30/04/2019
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 585
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

Multiple open redirect vulnerabilities in Bonita BPM Portal prior to 6.5.3 allow remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirectUrl parameter to (1) bonita/login.jsp or (2) bonita/loginservice.

Vulnerable Product

bonitasoft bonita bpm portal

Exploits

Advisory ID: HTB23259
Product: Bonita BPM
Vendor: Bonitasoft
Vulnerable Version(s): 651 and probably prior
Tested Version: 651 (Windows and Mac OS packages)
Advisory Publication: May 7, 2015 [without technical details]
Vendor Notification: May 7, 2015
Vendor Patch: June 9, 2015
Public Disclosure: June 10, 2015
Vulnerability Type: Path ...

Bonita BPM version 651 suffers from open redirect and directory traversal vulnerabilities ...