Description

Bonita is an open-source business process management system.

Bonita 2021.2 (and earlier) has an authorization bypass vulnerability. An attacker can bypass the authorization with a specially crafted HTTP request and get privileged access to the system. This can lead to remote code execution by abusing the API.

Remediation

Upgrade to the latest version of Bonita

References

CVE-2022-25237: Bonitasoft Authorization Bypass and RCE

Related Vulnerabilities

PHP-CGI remote code execution

Server-Side Template Injection

WordPress Plugin Lightbox Jquery Possible Remote Code Execution (0.24)

PHP version older than 4.3.8

Microsoft Exchange Server Server-Side Request Forgery (SSRF) vulnerability

Severity

High

Classification

CVE-2022-25237 CWE-863 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution