Security for everyone

CVE-2015-3897 Scanner

Detects 'Directory Traversal' vulnerability in Bonita BPM Portal affects v. before 6.5.3.


Short Info




Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one


Parent Category

CVE-2015-3897 Scanner Detail

Bonita BPM Portal is an open-source business process management platform that offers a suite of tools to help organizations automate and optimize their business processes. This software solution allows organizations to streamline workflow, increase efficiency, and reduce errors by managing the entire process from start to finish. With Bonita BPM Portal, businesses can create process diagrams, create forms, monitor performance, and generate reports.

CVE-2015-3897 is a directory traversal vulnerability that has been detected in the Bonita BPM Portal software before version 6.5.3. This vulnerability allows remote attackers to access arbitrary files by using a ".." (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource. An attacker can exploit this vulnerability to gain unauthorized access to sensitive files, such as configuration files, database credentials, and other critical data.

The exploitation of this vulnerability can lead to severe consequences for businesses using Bonita BPM Portal. Attackers can use the vulnerability to steal sensitive data, gain unauthorized access to critical systems, or modify data. The attackers could also use the vulnerability to launch more complex attacks, such as installing malware or launching a phishing campaign.

In conclusion, it is important for businesses using Bonita BPM Portal to be aware of CVE-2015-3897 and take appropriate steps to mitigate the risk of exploitation. With the pro features of, users can stay on top of the latest security threats and protect their digital assets effectively. By utilizing this platform, businesses can ensure that they are always aware of any vulnerabilities that may put their systems at risk and take immediate action to eliminate the threat.



cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture