CVE-2024-46479

Name of the Vulnerable Software and Affected Versions: Venki Supravizio BPM versions up to 18.0.1

Description: The issue is related to an arbitrary file upload vulnerability. An authenticated attacker may upload a malicious file, which can lead to remote code execution.

Recommendations: For versions up to 18.0.1, consider restricting file upload capabilities to prevent malicious file uploads until a patch is available. As a temporary workaround, limit access to areas of the application where file uploads are possible to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.