CVE-2024-46481 HIGH

CVE-2024-46481

Vendor Venki
Product Supravizio BPM
Weakness CWE-601 · Open redirect
Published January 13, 2025
Last update January 13, 2025

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

The login page of Venki Supravizio BPM up to 18.1.1 is vulnerable to open redirect leading to reflected XSS.

Key dates

02Disclosure timeline

January 13, 2025 CVE published
January 13, 2025 Record updated