We found results for “”
CVE-2024-28087
Good to know:
Date: May 14, 2024
In Bonitasoft runtime Community edition, the lack of dynamic permissions causes IDOR vulnerability. Dynamic permissions existed only in Subscription edition and have now been restored in Community edition, where they are not custmizable.
Language: Java
Severity Score
Related Resources (6)
Severity Score
Weakness Type (CWE)
Top Fix
Upgrade Version
Upgrade to version org.bonitasoft.engine:bonita-common:10.0.0,org.bonitasoft.engine:bonita-server:10.0.0
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | LOW |
Availability (A): | NONE |