CVE-2024-46480

HIGH

Venki Supravizio Bpm < 18.0.1 - Insufficiently Protected Credentials

Title source: rule

Description

An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenticated attackers with Application Administrator access to escalate privileges on the underlying host system.

References (3)

Scores

CVSS v3 8.4
EPSS 0.0017
EPSS Percentile 38.5%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Classification

CWE
CWE-522
Status published

Affected Products (1)

venki/supravizio_bpm < 18.0.1

Timeline

Published Jan 13, 2025
Tracked Since Feb 18, 2026