venki 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に vendor risk open redirect and vendor risk cross-site scripting などに関し、一部は ファイル上書き を招き、vendor surface software deployment and vendor surface production workloads 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2024-46481 | The login page of Venki Supravizio BPM up to 18.1.1 is vulnerable to open redirect leading to reflected XSS. | [email protected] | 7.2 | 0.27% | 2025-01-13 | 2025-10-03 |
| CVE-2024-46480 | An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenticated attackers with Application Administrator access to escalate privileges on the underlying host system. | [email protected] | 8.4 | 0.24% | 2025-01-13 | 2025-10-03 |
| CVE-2024-46479 | Venki Supravizio BPM through 18.0.1 was discovered to contain an arbitrary file upload vulnerability. An authenticated attacker may upload a malicious file, leading to remote code execution. | [email protected] | 9.9 | 5.99% | 2025-01-13 | 2025-10-07 |
| CVE-2020-15392 | A user enumeration vulnerability flaw was found in Venki Supravizio BPM 10.1.2. This issue occurs during password recovery, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with valid usernames. | [email protected] | 5.3 | 0.38% | 2020-07-07 | 2024-11-21 |
| CVE-2020-15367 | Venki Supravizio BPM 10.1.2 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page. | [email protected] | 9.8 | 2.65% | 2020-07-07 | 2024-11-21 |