CVE-2024-46480
- EPSS 0.24%
- Veröffentlicht 13.01.2025 20:15:28
- Zuletzt bearbeitet 03.10.2025 13:42:40
An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenticated attackers with Application Administrator access to escalate privileges on the underlying host system.
CVE-2024-46481
- EPSS 0.1%
- Veröffentlicht 13.01.2025 20:15:28
- Zuletzt bearbeitet 03.10.2025 13:35:37
The login page of Venki Supravizio BPM up to 18.1.1 is vulnerable to open redirect leading to reflected XSS.
CVE-2024-46479
- EPSS 0.88%
- Veröffentlicht 13.01.2025 18:15:18
- Zuletzt bearbeitet 07.10.2025 16:49:08
Venki Supravizio BPM through 18.0.1 was discovered to contain an arbitrary file upload vulnerability. An authenticated attacker may upload a malicious file, leading to remote code execution.
CVE-2020-15367
- EPSS 2.65%
- Veröffentlicht 07.07.2020 14:15:11
- Zuletzt bearbeitet 21.11.2024 05:05:25
Venki Supravizio BPM 10.1.2 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page.
CVE-2020-15392
- EPSS 0.38%
- Veröffentlicht 07.07.2020 14:15:11
- Zuletzt bearbeitet 21.11.2024 05:05:28
A user enumeration vulnerability flaw was found in Venki Supravizio BPM 10.1.2. This issue occurs during password recovery, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-forc...