Supravizio Bpm Security Vulnerabilities and Issues — Supravizio Bpm CVE List

Lucene search

VenkiSupravizio Bpm

5 matches found

CVE•added 2020/07/07 2:15 p.m.•29 views

CVE-2020-15392

A user enumeration vulnerability flaw was found in Venki Supravizio BPM 10.1.2. This issue occurs during password recovery, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with valid usernames.

5.3CVSS5.5AI score0.00376EPSS

CVE•added 2020/07/07 2:15 p.m.•26 views

CVE-2020-15367

Venki Supravizio BPM 10.1.2 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page.

9.8CVSS9.5AI score0.02647EPSS

CVE•added 2025/01/13 6:15 p.m.•16 views

CVE-2024-46479

Venki Supravizio BPM through 18.0.1 was discovered to contain an arbitrary file upload vulnerability. An authenticated attacker may upload a malicious file, leading to remote code execution.

9.9CVSS9.9AI score0.00305EPSS

CVE•added 2025/01/13 8:15 p.m.•13 views

CVE-2024-46480

An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenticated attackers with Application Administrator access to escalate privileges on the underlying host system.

8.4CVSS6.6AI score0.00049EPSS

CVE•added 2025/01/13 8:15 p.m.•13 views

CVE-2024-46481

The login page of Venki Supravizio BPM up to 18.1.1 is vulnerable to open redirect leading to reflected XSS.

7.2CVSS7AI score0.00064EPSS