CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-15392

A user enumeration vulnerability flaw was found in Venki Supravizio BPM 10.1.2. This issue occurs during password recovery, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with valid usernames.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 58.4%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 5.0

References

https://github.com/inflixim4be/CVE-2020-15392
https://www.venki.com.br/
https://github.com/inflixim4be/CVE-2020-15392
https://www.venki.com.br/

Products affected by CVE-2020-15392

Venki » Supravizio Bpm » Version: 10.1.2

cpe:2.3:a:venki:supravizio_bpm:10.1.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-15392

Products

Pricing

Contact Us