Bpcbt: >> Smartvista >> 2 Security Vulnerabilities
Multiple reflected XSS vulnerabilities occur when handling error message of BPC SmartVista version 3.28.0 allowing an attacker to execute javascript code at client side.
CVSS Score
6.1
EPSS Score
0.001
Published
2022-08-19
BPC SmartVista 2 has CSRF via SVFE2/pages/admpages/roles/createrole.jsf.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-04-30
BPC SmartVista 2 has Improper Access Control in the SVFE module, where it fails to appropriately restrict access: a normal user is able to access the SVFE2/pages/finadmin/currconvrate/currconvrate.jsf functionality that should be only accessible to an admin.
CVSS Score
7.2
EPSS Score
0.005
Published
2019-04-30
BPC SmartVista 2 has Session Fixation via the JSESSIONID parameter.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-04-30