CVE-2022-39037

Agentflow BPM file download function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt