Known Vulnerabilities for products from Processmaker
Listed below are 5 of the newest known vulnerabilities associated with the vendor "Processmaker".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-38577 json | ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows... | 8.8 - HIGH | 2022-09-19 | 2022-11-15 |
| CVE-2021-47978 json | Not Provided | 2026-05-16 | 2026-05-16 | |
| CVE-2020-13526 json | SQL injection vulnerability exists in the handling of sort parameters in ProcessMaker 3.4.11. A specially crafted HTTP reques... | 8.8 - HIGH | 2020-12-10 | 2022-06-07 |
| CVE-2020-13525 json | The sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTables_Ajax is vulnerable to SQL inject... | 8.8 - HIGH | 2020-12-03 | 2022-06-07 |
| CVE-2016-9048 json | Multiple exploitable SQL Injection vulnerabilities exists in ProcessMaker Enterprise Core 3.0.1.7-community. Specially crafte... | 7.4 - HIGH | 2018-09-10 | 2022-12-14 |
| CVE-2016-9045 json | A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A specially crafted web request can ... | 8.8 - HIGH | 2018-09-17 | 2022-12-14 |
Known software with vulnerabilities from Processmaker
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Processmaker | Processmaker | 3.0.1.7 |