VYPR

Supravizio BPM

by Venki

CVEs (5)

  • CVE-2024-46479CriJan 13, 2025
    risk 0.64cvss 9.9epss 0.01

    Venki Supravizio BPM through 18.0.1 was discovered to contain an arbitrary file upload vulnerability. An authenticated attacker may upload a malicious file, leading to remote code execution.

  • CVE-2020-15367CriJul 7, 2020
    risk 0.64cvss 9.8epss 0.02

    Venki Supravizio BPM 10.1.2 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page.

  • CVE-2024-46480HigJan 13, 2025
    risk 0.55cvss 8.4epss 0.00

    An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenticated attackers with Application Administrator access to escalate privileges on the underlying host system.

  • CVE-2024-46481HigJan 13, 2025
    risk 0.47cvss 7.2epss 0.00

    The login page of Venki Supravizio BPM up to 18.1.1 is vulnerable to open redirect leading to reflected XSS.

  • CVE-2020-15392MedJul 7, 2020
    risk 0.35cvss 5.3epss 0.01

    A user enumeration vulnerability flaw was found in Venki Supravizio BPM 10.1.2. This issue occurs during password recovery, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with valid usernames.