Supravizio Bpm

3 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2024-46481 HIGH This Month

The login page of Venki Supravizio BPM up to 18.1.1 is vulnerable to open redirect leading to reflected XSS. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect XSS Supravizio Bpm

NVD GitHub

CVSS 3.1

7.2

EPSS

0.2%

CVE-2024-46480 HIGH This Month

An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenticated attackers with Application Administrator access to escalate privileges on the underlying host system. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Supravizio Bpm

NVD GitHub

CVSS 3.1

8.4

EPSS

0.2%

CVE-2024-46479 CRITICAL This Week

Venki Supravizio BPM through 18.0.1 was discovered to contain an arbitrary file upload vulnerability. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Supravizio Bpm

NVD GitHub

CVSS 3.1

9.9

EPSS

4.5%

CVE-2024-46481

EPSS 0% CVSS 7.2

HIGH This Month

Open Redirect XSS Supravizio Bpm

NVD GitHub

CVE-2024-46480

EPSS 0% CVSS 8.4

HIGH This Month

Information Disclosure Supravizio Bpm

NVD GitHub

CVE-2024-46479

EPSS 5% CVSS 9.9

CRITICAL This Week

RCE File Upload Supravizio Bpm

NVD GitHub