Vendor
BPC
Products
1
CVEs
3
Across products
3
Status
Private
Products
1- 3 CVEs
Recent CVEs
3| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-15208 | 0.00 | — | 0.00 | Apr 30, 2019 | BPC SmartVista 2 has Session Fixation via the JSESSIONID parameter. | |||
| CVE-2018-15207 | 0.00 | — | 0.00 | Apr 30, 2019 | BPC SmartVista 2 has Improper Access Control in the SVFE module, where it fails to appropriately restrict access: a normal user is able to access the SVFE2/pages/finadmin/currconvrate/currconvrate.jsf functionality that should be only accessible to an admin. | |||
| CVE-2018-15206 | 0.00 | — | 0.00 | Apr 30, 2019 | BPC SmartVista 2 has CSRF via SVFE2/pages/admpages/roles/createrole.jsf. |
- CVE-2018-15208Apr 30, 2019risk 0.00cvss —epss 0.00
BPC SmartVista 2 has Session Fixation via the JSESSIONID parameter.
- CVE-2018-15207Apr 30, 2019risk 0.00cvss —epss 0.00
BPC SmartVista 2 has Improper Access Control in the SVFE module, where it fails to appropriately restrict access: a normal user is able to access the SVFE2/pages/finadmin/currconvrate/currconvrate.jsf functionality that should be only accessible to an admin.
- CVE-2018-15206Apr 30, 2019risk 0.00cvss —epss 0.00
BPC SmartVista 2 has CSRF via SVFE2/pages/admpages/roles/createrole.jsf.