Venki Supravizio_bpm
5 CVEs affecting Venki Supravizio_bpm. Latest disclosed: 2025-01-13. Critical: 2, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-46479 | Critical | 9.9 | 2025-01-13 | Venki Supravizio BPM through 18.0.1 was discovered to contain an arbitrary file upload vulnerability. An authenticated attacker may upload a malicious file, le… |
CVE-2020-15367 | Critical | 9.8 | 2020-07-07 | Venki Supravizio BPM 10.1.2 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-forc… |
CVE-2024-46480 | High | 8.4 | 2025-01-13 | An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenticated attackers with Application Administrator access to escalate privileges on the under… |
CVE-2024-46481 | High | 7.2 | 2025-01-13 | The login page of Venki Supravizio BPM up to 18.1.1 is vulnerable to open redirect leading to reflected XSS. |
CVE-2020-15392 | Medium | 5.3 | 2020-07-07 | A user enumeration vulnerability flaw was found in Venki Supravizio BPM 10.1.2. This issue occurs during password recovery, where a difference in error message… |