Digiwin EasyFlow GP Insufficiently Protected Credentials Vulnerability
Vulnerability
A vulnerability in EasyFlow GP allows privileged remote attackers to access plaintext Active Directory and system email credentials from the EasyFlow GP frontend. The issue arises from insufficient protection of credentials and can be exploited only by attackers who already hold elevated privileges.
Impact
Exploitation of this vulnerability allows for unauthorized access to Active Directory and system email credentials, which could be misused for further attacks or unauthorized actions within the system.
Remediation
Users are advised to update EasyFlow GP version 5.8.x to 5.8.11.1.081013 or later, and version 8.1.x to 8.1.1.3 or later. For version 5.7.x, upgrade to an unaffected version or install the available patch.
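The following added example (not part of the original advisory or of any Digiwin tooling) triages an inventory of EasyFlow GP version strings against the fixed builds named above. It assumes versions are dotted numeric strings compared component by component; the host names and sample versions are constructed.

```python
# Added example: thresholds come from the remediation text above. The inventory is
# constructed sample data, and dotted-numeric comparison is an assumption.
FIXED = {  # branch -> first fixed build named in the advisory
    (5, 8): (5, 8, 11, 1, 81013),  # 5.8.11.1.081013
    (8, 1): (8, 1, 1, 3),          # 8.1.1.3
}
PATCH_ONLY = {(5, 7)}  # advisory: upgrade to an unaffected version or install the patch


def parse_version(text):
    """Split a dotted version into integers; raise ValueError on anything else."""
    parts = text.strip().split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def triage(version_text):
    """Return fixed, update-required, patch-or-upgrade, not-listed or unparseable."""
    try:
        have = parse_version(version_text)
    except ValueError:
        return "unparseable"
    branch = have[:2]
    if branch in PATCH_ONLY:
        return "patch-or-upgrade"  # the version alone cannot show whether the patch is installed
    if branch not in FIXED:
        return "not-listed"        # the advisory text says nothing about this branch
    need = FIXED[branch]
    width = max(len(have), len(need))
    have += (0,) * (width - len(have))  # pad so that 5.8.12 compares against five components
    need += (0,) * (width - len(need))
    return "fixed" if have >= need else "update-required"


def report(inventory):
    """Map each host in {host: version} to its triage status."""
    return {host: triage(version) for host, version in inventory.items()}


if __name__ == "__main__":
    sample = {  # constructed inventory
        "ef-app-01": "5.8.11.1.081012",
        "ef-app-02": "8.1.1.3",
        "ef-app-03": "5.7.4",
        "ef-app-04": "unknown",
    }
    for host, status in report(sample).items():
        print(f"{host}: {status}")
```

Hosts reported as patch-or-upgrade need a manual check that the 5.7.x patch is actually installed, since the version string alone does not show it.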
