cve/CVE-2022-36121.md at 43553e9af13bbdba84028635c21659dede3160a7

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the UpdateOfflineHelpData administrative function. Abusing this function will allow any Blue Prism user to change the offline help URL to one of their choice, opening the possibility of spoofing the help page or executing a local file.

POC

Reference

https://community.blueprism.com/discussion/security-vulnerability-notification-ssc-blue-prism-enterprise

Github

No PoCs found on GitHub currently.

1.0 KiB Raw Blame History

CVE-2022-36121

Description

POC

Reference

Github

1.0 KiB

Raw Blame History