CNNVD-202510-2772 Information

CNNVD ID

CNNVD-202510-2772

Related CVE

CVE-2025-11949

• CNNVD Published: 2025-10-21

Description (Chinese)

Digiwin EasyFlow .NET是中国鼎新（Digiwin）公司的一款企业级工作流程管理（Workflow Management）平台。 Digiwin EasyFlow .NET存在访问控制错误漏洞，该漏洞源于缺少身份验证，可能导致未经验证的远程攻击者获取数据库管理员凭据。

Description (English)

Digiwin EasyFlow.NET is an enterprise-level workflow management (Workflow Management) platform of the Chinese company Digiwin. Digiwin EasyFlow.NET has an access control error loophole, which stems from the lack of identification and may lead uncertified remote assailants to access the database administrator.

Hazard Level

Medium

Vulnerability Type

访问控制错误

Affected Vendor

鼎新

Published

2025-10-21

Last Modified

2026-02-24

References

https://www.twcert.org.tw/en/cp-139-10455-5b9ac-2.html https://www.twcert.org.tw/tw/cp-132-10454-35844-1.html

Patch

https://www.digiwin.com/tw