Auber R Maroneze - Security Researcher - Exploit Intelligence Platform

CVE-2024-46479 WRITEUP CRITICAL WRITEUP

Venki Supravizio BPM <= 18.0.1 - Authenticated Arbitrary File Upload and Remote Code Execution

Venki Supravizio BPM through 18.0.1 was discovered to contain an arbitrary file upload vulnerability. An authenticated attacker may upload a malicious file, leading to remote code execution.

CVSS 9.9

View Code

CVE-2024-46480 WRITEUP HIGH WRITEUP

Venki Supravizio BPM < 18.0.1 - Authenticated NTLM Hash Leak

An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenticated attackers with Application Administrator access to escalate privileges on the underlying host system.

CVSS 8.4

View Code

CVE-2024-46481 WRITEUP HIGH WRITEUP

Venki Supravizio BPM < 18.1.1 - Open Redirect and Reflected Cross-Site Scripting

The login page of Venki Supravizio BPM up to 18.1.1 is vulnerable to open redirect leading to reflected XSS.

CVSS 7.2

View Code

CVE-2024-46479 WRITEUP CRITICAL WRITEUP

Venki Supravizio BPM <= 18.0.1 - Authenticated Arbitrary File Upload and Remote Code Execution

Venki Supravizio BPM through 18.0.1 was discovered to contain an arbitrary file upload vulnerability. An authenticated attacker may upload a malicious file, leading to remote code execution.

CVSS 9.9

View Code

CVE-2024-46480 WRITEUP HIGH WRITEUP

Venki Supravizio BPM < 18.0.1 - Authenticated NTLM Hash Leak

An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenticated attackers with Application Administrator access to escalate privileges on the underlying host system.

CVSS 8.4

View Code

CVE-2024-46481 WRITEUP HIGH WRITEUP

Venki Supravizio BPM < 18.1.1 - Open Redirect and Reflected Cross-Site Scripting

The login page of Venki Supravizio BPM up to 18.1.1 is vulnerable to open redirect leading to reflected XSS.

CVSS 7.2

View Code