CVE-2022-38577

HIGH

ProcessMaker <3.5.4 - Privilege Escalation

Title source: llm

Description

ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators.

Exploits (1)

nomisec WORKING POC 3 stars
by sornram9254 · poc
https://github.com/sornram9254/CVE-2022-38577-Processmaker

Scores

CVSS v3 8.8
EPSS 0.1404
EPSS Percentile 94.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-281
Status published
Products (1)
processmaker/processmaker < 3.5.4
Published Sep 19, 2022
Tracked Since Feb 18, 2026