PT-2020-14395 · Venki · Venki Supravizio Bpm

Inflixim4Be · Published 2020-07-07 · Updated 2020-07-15 · CVE-2020-15367

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Venki Supravizio BPM version 10.1.2

Description

The issue allows an unauthenticated user to launch a brute-force authentication attack against the Login page due to the lack of limitation on the number of authentication attempts.

Recommendations

For Venki Supravizio BPM version 10.1.2, consider implementing a limit on the number of authentication attempts or temporarily restricting access to the Login page to minimize the risk of exploitation.

Weakness Enumeration

Improper Restriction of Excessive Authentication Attempts

Related Identifiers

CVE-2020-15367

Affected Products

Venki Supravizio Bpm