An incorrect access control implementation in Tangro Business Workflow prior to 1.18.1 allows an malicious user to download documents (PDF) by providing a valid document ID and token. No further authentication is required.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
tangro business workflow |