CVE-2024-46480

Опубликовано: 13 янв. 2025

Источник: nvd

CVSS3: 8.4

CVSS3: 7.2

EPSS Низкий

Описание

An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenticated attackers with Application Administrator access to escalate privileges on the underlying host system.

Ссылки

https://github.com/Lorenzo-de-Sa/Vulnerability-Research
Third Party Advisory
https://github.com/Lorenzo-de-Sa/Vulnerability-Research/blob/main/CVE-2024-46480.md
Third Party Advisory
https://www.venki.com.br/ferramenta-bpm/supravizio/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:venki:supravizio_bpm:*:*:*:*:*:*:*:*

Версия до 18.0.1 (включая)

EPSS

Процентиль: 47%

0.00243

Низкий

8.4 High

CVSS3

7.2 High

CVSS3

Дефекты

CWE-522

Связанные уязвимости

GHSA-pjgr-w4jm-qxgm

CVSS3: 8.4

github

около 1 года назад

An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenticated attackers with Application Administrator access to escalate privileges on the underlying host system.

EPSS

Процентиль: 47%

0.00243

Низкий

8.4 High

CVSS3

7.2 High

CVSS3

Дефекты

CWE-522