Primary

Context

Digiwin EasyFlow GP Insufficiently Protected Credentials Vulnerability

Vulnerability

A vulnerability allowing privileged remote attackers to access plaintext database account credentials from the system frontend has been identified in Digiwin's EasyFlow GP. This issue arises from insufficient protection of credentials, enabling exploitation by attackers with elevated privileges.

Impact

Exploitation of this vulnerability allows for unauthorized access to sensitive database credentials, which could be misused to manipulate or extract data from the database.

Remediation

Users are advised to update EasyFlow GP version 5.8.x to 5.8.11.1.081013 or later, and version 8.1.x to 8.1.1.3 or later. For version 5.7.x, upgrade to an unaffected version or install the available patch.

Added: Nov 17, 2025, 8:23 AM

Updated: Nov 17, 2025, 8:23 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

4.8

remediation

7.7

relevance

1.1

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

4.8

remediation

7.7

relevance

1.1

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Digiwin EasyFlow GP Insufficiently Protected Credentials Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating