Smartsoft Smartbpm.net — known CVE vulnerabilities
Every CVE whose affected-product data names Smartsoft Smartbpm.net, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2023-37286 — CVSS 9.8 (critical): SmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine key. An unauthenticated remote attacker can use the machine key to…
CVE-2023-37287 — CVSS 9.1 (critical): SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability…
CVE-2023-37288 — CVSS 6.5 (medium): SmartBPM.NET component has a vulnerability of path traversal within its file download function. An unauthenticated remote attacker can…