Shodan
Vulnerabilities
Vulnerable Software
Bpcbt:  Security Vulnerabilities
CVE-2022-38619
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /SVFE2/pages/feegroups/mcc_group.jsf.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-09-21
CVE-2022-38618
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/country_group.jsf.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-09-19
CVE-2022-38617
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the voiceAudit:j_id97 parameter at /SVFE2/pages/audit/voiceaudit.jsf.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-09-19
CVE-2022-38616
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /feegroups/tgrt_group.jsf.
CVSS Score
8.8
EPSS Score
0.004
Published
2022-09-13
CVE-2022-38614
An issue in the IGB Files and OutfileService features of SmartVista Cardgen v3.28.0 allows attackers to list and download arbitrary files via modifying the PATH parameter.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-09-09
CVE-2022-38615
SmartVista SVFE2 v2.2.22 was discovered to contain multiple SQL injection vulnerabilities via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/service_group.jsf.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-09-09
CVE-2022-38613
A Path Traversal vulnerability in SmartVista Cardgen v3.28.0 allows authenticated attackers to read arbitrary files in the system.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-09-09
CVE-2022-35554
Multiple reflected XSS vulnerabilities occur when handling error message of BPC SmartVista version 3.28.0 allowing an attacker to execute javascript code at client side.
CVSS Score
6.1
EPSS Score
0.003
Published
2022-08-19
CVE-2018-15206
BPC SmartVista 2 has CSRF via SVFE2/pages/admpages/roles/createrole.jsf.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-04-30
CVE-2018-15207
BPC SmartVista 2 has Improper Access Control in the SVFE module, where it fails to appropriately restrict access: a normal user is able to access the SVFE2/pages/finadmin/currconvrate/currconvrate.jsf functionality that should be only accessible to an admin.
CVSS Score
7.2
EPSS Score
0.005
Published
2019-04-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved