CVE-2020-15392

A user enumeration vulnerability flaw was found in Venki Supravizio BPM 10.1.2. This issue occurs during password recovery, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with valid usernames.
References
Link Resource
https://www.venki.com.br/ Vendor Advisory
https://github.com/inflixim4be/CVE-2020-15392 Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:venki:supravizio_bpm:10.1.2:*:*:*:*:*:*:*

Information

Published : 2020-07-07 02:15

Updated : 2021-07-21 11:39


NVD link : CVE-2020-15392

Mitre link : CVE-2020-15392

Products Affected
No products.
CWE