Vulnerabilities > CVE-2020-15367 - Improper Restriction of Excessive Authentication Attempts vulnerability in Venki Supravizio BPM 10.1.2

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
venki
CWE-307
critical
NVD
Published: 2020-07-07
Updated: 2020-07-15

Summary

Venki Supravizio BPM 10.1.2 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page.

Vulnerable Configurations

Part Description Count
Application
Venki
1

Common Weakness Enumeration (CWE)

References