CVE-2020-15367

CRITICAL

Venki Supravizio BPM 10.1.2 - Auth Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-15367. PoCs published by inflixim4be.

AI-analyzed exploit summary: This repository documents CVE-2020-15367, a brute-force vulnerability in Supravizio BPM 10.1.2 due to lack of authentication attempt limits. It describes the exploitation process and includes screenshots but no functional exploit code.

Description

Venki Supravizio BPM 10.1.2 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page.

Exploits (1)

nomisec WRITEUP
by inflixim4be · poc
https://github.com/inflixim4be/CVE-2020-15367

Classification: Writeup 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Venki Supravizio BPM 10.1.2
No auth needed
Prerequisites: Access to the login page · Valid username (enumerated via CVE-2020-15392)
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Vendor Advisory (x_refsource_misc): https://www.venki.com.br/
Exploit, Third Party Advisory (x_refsource_misc): https://github.com/inflixim4be/CVE-2020-15367

Scores

CVSS v3 9.8
EPSS 0.0199
EPSS Percentile 78.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-307
Status published
Products (1)
venki/supravizio_bpm 10.1.2
Published Jul 07, 2020
Tracked Since Feb 18, 2026