Description

Bonita is an open-source business process management system.

Bonita 2021.2 (and earlier) has an authorization bypass vulnerability. An attacker can bypass the authorization with a specially crafted HTTP request and get privileged access to the system. This can lead to remote code execution by abusing the API.

Remediation

Upgrade to the latest version of Bonita

References

CVE-2022-25237: Bonitasoft Authorization Bypass and RCE

Related Vulnerabilities

WordPress 5.9.x Shortcode Execution (5.9 - 5.9.6)

WordPress Plugin WordPress WP-Advanced-Search Remote Code Execution (3.3.3)

Drupal Core 4.6.x Arbitrary Code Execution (4.6.0 - 4.6.6)

Check for apache versions up to 1.3.25, 2.0.38

Liferay TunnelServlet Deserialization Remote Code Execution

Severity

High

Classification

CVE-2022-25237 CWE-863 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution