Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Bpcbt Subscribe
Filtered by product Smartvista
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-38618 1 Bpcbt 1 Smartvista 2022-09-21 N/A 8.8 HIGH
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/country_group.jsf.
CVE-2022-38617 1 Bpcbt 1 Smartvista 2022-09-21 N/A 8.8 HIGH
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the voiceAudit:j_id97 parameter at /SVFE2/pages/audit/voiceaudit.jsf.
CVE-2022-35554 1 Bpcbt 1 Smartvista 2022-08-22 N/A 6.1 MEDIUM
Multiple reflected XSS vulnerabilities occur when handling error message of BPC SmartVista version 3.28.0 allowing an attacker to execute javascript code at client side.
CVE-2018-15207 1 Bpcbt 1 Smartvista 2019-10-02 6.5 MEDIUM 7.2 HIGH
BPC SmartVista 2 has Improper Access Control in the SVFE module, where it fails to appropriately restrict access: a normal user is able to access the SVFE2/pages/finadmin/currconvrate/currconvrate.jsf functionality that should be only accessible to an admin.
CVE-2018-15206 1 Bpcbt 1 Smartvista 2019-05-01 6.8 MEDIUM 8.8 HIGH
BPC SmartVista 2 has CSRF via SVFE2/pages/admpages/roles/createrole.jsf.
CVE-2018-15208 1 Bpcbt 1 Smartvista 2019-05-01 5.1 MEDIUM 7.5 HIGH
BPC SmartVista 2 has Session Fixation via the JSESSIONID parameter.