CVE-2024-46480

HIGH

Venki Supravizio Bpm < 18.0.1 - Insufficiently Protected Credentials

Title source: rule
STIX 2.1

Description

An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenticated attackers with Application Administrator access to escalate privileges on the underlying host system.

References (3)

Scores

CVSS v3 8.4
EPSS 0.0018
EPSS Percentile 39.2%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-522
Status published
Products (1)
venki/supravizio_bpm < 18.0.1
Published Jan 13, 2025
Tracked Since Feb 18, 2026