SmartSoft SmartBPM.NET has a vulnerability of using hard...
Critical severity
Unreviewed
Published
Jul 10, 2023
to the GitHub Advisory Database
•
Updated Apr 4, 2024
Description
Published by the National Vulnerability Database
Jul 10, 2023
Published to the GitHub Advisory Database
Jul 10, 2023
Last updated
Apr 4, 2024
SmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code and disrupt service.
References