Vulnerabilities > Bpcbt

DATE CVE VULNERABILITY TITLE RISK
2022-09-21 CVE-2022-38619 SQL Injection vulnerability in Bpcbt Smartvista Front-End 2.2.22
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /SVFE2/pages/feegroups/mcc_group.jsf.
network
low complexity
bpcbt CWE-89
critical
9.8
2022-09-19 CVE-2022-38618 SQL Injection vulnerability in Bpcbt Smartvista 2.2.22
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/country_group.jsf.
network
low complexity
bpcbt CWE-89
8.8
2022-09-19 CVE-2022-38617 SQL Injection vulnerability in Bpcbt Smartvista 2.2.22
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the voiceAudit:j_id97 parameter at /SVFE2/pages/audit/voiceaudit.jsf.
network
low complexity
bpcbt CWE-89
8.8
2022-09-13 CVE-2022-38616 SQL Injection vulnerability in Bpcbt Smartvista Front-End 2.2.22
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /feegroups/tgrt_group.jsf.
network
low complexity
bpcbt CWE-89
8.8
2022-09-09 CVE-2022-38614 Path Traversal vulnerability in Bpcbt Smartvista Cardgen 3.28.0
An issue in the IGB Files and OutfileService features of SmartVista Cardgen v3.28.0 allows attackers to list and download arbitrary files by modifying the PATH parameter.
network
low complexity
bpcbt CWE-22
7.5
2022-09-09 CVE-2022-38615 SQL Injection vulnerability in Bpcbt Smartvista Front-End 2.2.22
SmartVista SVFE2 v2.2.22 was discovered to contain multiple SQL injection vulnerabilities via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/service_group.jsf.
network
low complexity
bpcbt CWE-89
8.8
2022-09-09 CVE-2022-38613 Path Traversal vulnerability in Bpcbt Smartvista Cardgen 3.28.0
A Path Traversal vulnerability in SmartVista Cardgen v3.28.0 allows authenticated attackers to read arbitrary files in the system.
network
low complexity
bpcbt CWE-22
6.5
2022-08-19 CVE-2022-35554 Cross-site Scripting vulnerability in Bpcbt Smartvista 2/2.2.22/3.28.0
Multiple reflected XSS vulnerabilities occur in the handling of error messages in BPC SmartVista version 3.28.0, allowing an attacker to execute JavaScript code on the client side.
network
low complexity
bpcbt CWE-79
6.1
2019-04-30 CVE-2018-15208 Session Fixation vulnerability in Bpcbt Smartvista 2
BPC SmartVista 2 has Session Fixation via the JSESSIONID parameter.
network
high complexity
bpcbt CWE-384
7.5
2019-04-30 CVE-2018-15207 Improper Privilege Management vulnerability in Bpcbt Smartvista 2
BPC SmartVista 2 has Improper Access Control in the SVFE module, where it fails to appropriately restrict access: a normal user is able to access the SVFE2/pages/finadmin/currconvrate/currconvrate.jsf functionality, which should be accessible only to an admin.
network
low complexity
bpcbt CWE-269
7.2