Bpcbt: >> Smartvista Security Vulnerabilities
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/country_group.jsf.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-09-19
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the voiceAudit:j_id97 parameter at /SVFE2/pages/audit/voiceaudit.jsf.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-09-19
Multiple reflected XSS vulnerabilities occur when handling error message of BPC SmartVista version 3.28.0 allowing an attacker to execute javascript code at client side.
CVSS Score
6.1
EPSS Score
0.001
Published
2022-08-19
BPC SmartVista 2 has CSRF via SVFE2/pages/admpages/roles/createrole.jsf.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-04-30
BPC SmartVista 2 has Improper Access Control in the SVFE module, where it fails to appropriately restrict access: a normal user is able to access the SVFE2/pages/finadmin/currconvrate/currconvrate.jsf functionality that should be only accessible to an admin.
CVSS Score
7.2
EPSS Score
0.005
Published
2019-04-30
BPC SmartVista 2 has Session Fixation via the JSESSIONID parameter.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-04-30