This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Detail | |||
|---|---|---|---|
| Vendor | Bpcbt | First view | 2019-04-30 |
| Product | Smartvista | Last view | 2022-08-19 |
| Version | 2 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:bpcbt:smartvista | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 6.1 | 2022-08-19 | CVE-2022-35554 | Multiple reflected XSS vulnerabilities occur when handling error message of BPC SmartVista version 3.28.0 allowing an attacker to execute javascript code at client side. |
| 7.5 | 2019-04-30 | CVE-2018-15208 | BPC SmartVista 2 has Session Fixation via the JSESSIONID parameter. |
| 7.2 | 2019-04-30 | CVE-2018-15207 | BPC SmartVista 2 has Improper Access Control in the SVFE module, where it fails to appropriately restrict access: a normal user is able to access the SVFE2/pages/finadmin/currconvrate/currconvrate.jsf functionality that should be only accessible to an admin. |
| 8.8 | 2019-04-30 | CVE-2018-15206 | BPC SmartVista 2 has CSRF via SVFE2/pages/admpages/roles/createrole.jsf. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 25% (1) | CWE-384 | Session Fixation |
| 25% (1) | CWE-352 | Cross-Site Request Forgery (CSRF) |
| 25% (1) | CWE-269 | Improper Privilege Management |
| 25% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
