CVE-2024-46480 HIGH

CVE-2024-46480

Vendor Venki
Product Supravizio BPM
Weakness CWE-522 · Insufficiently protected credentials
Published January 13, 2025
Last update January 13, 2025

CVSS base score

8.4/10
Attack vector Adjacent
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenticated attackers with Application Administrator access to escalate privileges on the underlying host system.

Key dates

02Disclosure timeline

January 13, 2025 CVE published
January 13, 2025 Record updated