← back
CVE-2024-46480

CVE-2024-46480

CVSS 8.4 HIGHEPSS 0.5%CWE-522
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.4EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
13 Jan 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenticated attackers with Application Administrator access to escalate privileges on the underlying host system.
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected products
Venki · Supravizio BPM

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/Lorenzo-de-Sa/Vulnerability-Researchhttps://github.com/Lorenzo-de-Sa/Vulnerability-Research/blob/main/CVE-2024-46480.mdhttps://www.venki.com.br/ferramenta-bpm/supravizio/