CVE-2020-15392

MEDIUM

Venki Supravizio BPM <10.1.2 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-15392. PoCs published by inflixim4be.

AI-analyzed exploit summary: This repository documents a user enumeration vulnerability in Supravizio BPM 10.1.2, where differential error messages during password recovery allow attackers to determine valid users. The PoC includes screenshots demonstrating the behavior for valid and invalid users.

Description

A user enumeration vulnerability was found in Venki Supravizio BPM 10.1.2. The issue occurs during password recovery, where a difference in error messages could allow an attacker to determine whether a username is valid, enabling a brute-force attack with valid usernames.

Exploits (1)

nomisec WRITEUP
by inflixim4be · poc
https://github.com/inflixim4be/CVE-2020-15392

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Supravizio BPM 10.1.2
No auth needed
Prerequisites: Access to the password recovery functionality of Supravizio BPM
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Vendor Advisory x_refsource_misc
https://www.venki.com.br/
Exploit, Third Party Advisory x_refsource_misc
https://github.com/inflixim4be/CVE-2020-15392

Scores

CVSS v3 5.3
EPSS 0.0038
EPSS Percentile 59.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-203
Status published
Products (1)
venki/supravizio_bpm 10.1.2
Published Jul 07, 2020
Tracked Since Feb 18, 2026