WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal

In tangro Business Workflow before 1.18.1, knowing an attachment ID, it is possible to download workitem attachments without being

In tangro Business Workflow before 1.18.1, a user's profile contains some items that are greyed out and thus are not intended to b

An issue was discovered in tangro Business Workflow before 1.18.1. No (or broken) access control checks exist on the /api/document

In tangro Business Workflow before 1.18.1, an attacker can manipulate the value of PERSON in requests to /api/profile in order to

tangro Business Workflow before 1.18.1 requests a list of allowed filetypes from the server and restricts uploads to the filetypes

An incorrect access control implementation in Tangro Business Workflow before 1.18.1 allows an attacker to download documents (PDF

Every login in tangro Business Workflow before 1.18.1 generates the same JWT token, which allows an attacker to reuse the token wh

In tangro Business Workflow before 1.18.1, the documentId of attachment uploads to /api/document/attachments/upload can be manipul