CVE-2024-46480

An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenticated attackers with Application Administrator access to escalate privileges on the underlying host system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.4 HIGH
ADJACENT_NETWORK
LOW
HIGH
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
mitreCNA
8.4 HIGH
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
VendorProductVersion
venkisupravizio_bpm
𝑥
≤ 18.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/Lorenzo-de-Sa/Vulnerability-Research
https://github.com/Lorenzo-de-Sa/Vulnerability-Research/blob/main/CVE-2024-46480.md
https://www.venki.com.br/ferramenta-bpm/supravizio/