CVE-2024-46480

Published: Jan 13, 2025Modified: Oct 3, 2025

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenticated attackers with Application Administrator access to escalate privileges on the underlying host system.

Affected (1)

Products: Venki: Supravizio Bpm

Venki

1 product

Supravizio Bpm

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Venki Supravizio Bpm	Up to 18.0.1

Related CWEs

CWE-522

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (3)

https://github.com/Lorenzo-de-Sa/Vulnerability-Research

Source: cve@mitre.org

Third Party Advisory

https://github.com/Lorenzo-de-Sa/Vulnerability-Research/blob/main/CVE-2024-46480.md

Source: cve@mitre.org

Third Party Advisory

https://www.venki.com.br/ferramenta-bpm/supravizio/

Source: cve@mitre.org

Product

Timeline

No history available yet.