CVE-2024-46480

An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenticated attackers with Application Administrator access to escalate privileges on the underlying host system.

CVSS v3 8.4 HIGH

8.4^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.7 / Impact : 6.0

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://github.com/Lorenzo-de-Sa/Vulnerability-Research	Third Party Advisory
https://github.com/Lorenzo-de-Sa/Vulnerability-Research/blob/main/CVE-2024-46480.md	Third Party Advisory
https://www.venki.com.br/ferramenta-bpm/supravizio/	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:venki:supravizio_bpm:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-01-13 20:15

Updated : 2025-10-03 13:42

NVD link : CVE-2024-46480

Mitre link : CVE-2024-46480

CVE.ORG link : CVE-2024-46480

JSON object : View

Products Affected

venki

supravizio_bpm

CWE

CWE-522

Insufficiently Protected Credentials

{"id": "CVE-2024-46480", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.7}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2025-01-13T20:15:28.147", "references": [{"url": "https://github.com/Lorenzo-de-Sa/Vulnerability-Research", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://github.com/Lorenzo-de-Sa/Vulnerability-Research/blob/main/CVE-2024-46480.md", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.venki.com.br/ferramenta-bpm/supravizio/", "tags": ["Product"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenticated attackers with Application Administrator access to escalate privileges on the underlying host system."}, {"lang": "es", "value": "Una fuga de hash NTLM en Venki Supravizio BPM hasta 18.0.1 permite a atacantes autenticados con acceso de administrador de aplicaciones escalar privilegios en el sistema host subyacente ."}], "lastModified": "2025-10-03T13:42:40.247", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:venki:supravizio_bpm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B660C7A-E6A1-47F6-9A3E-BB068978C180", "versionEndIncluding": "18.0.1"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}