{"id":"BIT-processmaker-2022-38577","details":"ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators.","aliases":["CVE-2022-38577"],"modified":"2023-12-06T01:02:31.894868Z","published":"2023-11-06T08:59:52.449Z","database_specific":{"cpes":["cpe:2.3:a:processmaker:processmaker:*:*:*:*:*:*:*:*"],"severity":"High"},"references":[{"type":"WEB","url":"http://packetstormsecurity.com/files/168427/ProcessMaker-Privilege-Escalation.html"},{"type":"WEB","url":"http://processmaker.com"},{"type":"WEB","url":"https://drive.google.com/file/d/1iP9NYUkYEy_FGMpcnTkUWn8nGcqDT02_/view?usp=sharing"}],"affected":[{"package":{"name":"processmaker","ecosystem":"Bitnami","purl":"pkg:bitnami/processmaker"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"3.5.4"}]}],"database_specific":{"source":"https://github.com/bitnami/vulndb/tree/main/data/processmaker/BIT-processmaker-2022-38577.json"},"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}],"schema_version":"1.7.3"}