
CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Jan 2025 — Venki Supravizio BPM through 18.0.1 was discovered to contain an arbitrary file upload vulnerability. An authenticated attacker may upload a malicious file, leading to remote code execution. • https://github.com/Lorenzo-de-Sa/Vulnerability-Research • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 8.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Jan 2025 — An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenticated attackers with Application Administrator access to escalate privileges on the underlying host system. • https://github.com/Lorenzo-de-Sa/Vulnerability-Research • CWE-522: Insufficiently Protected Credentials

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Jan 2025 — The login page of Venki Supravizio BPM up to 18.1.1 is vulnerable to an open redirect leading to reflected XSS. • https://github.com/Lorenzo-de-Sa/Vulnerability-Research • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

07 Jul 2020 — Venki Supravizio BPM 10.1.2 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page. • https://github.com/inflixim4be/CVE-2020-15367 • CWE-307: Improper Restriction of Excessive Authentication Attempts

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

07 Jul 2020 — A user enumeration vulnerability was found in Venki Supravizio BPM 10.1.2. This issue occurs during password recovery, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with valid usernames. • https://github.com/inflixim4be/CVE-2020-15392 • CWE-203: Observable Discrepancy