VYPR
Vendor

BPC

Products
1
CVEs
4
Across products
4
Status
Private

Products

1

Recent CVEs

4
  • CVE-2018-15206HigApr 30, 2019
    risk 0.57cvss 8.8epss 0.01

    BPC SmartVista 2 has CSRF via SVFE2/pages/admpages/roles/createrole.jsf.

  • CVE-2018-15208HigApr 30, 2019
    risk 0.49cvss 7.5epss 0.01

    BPC SmartVista 2 has Session Fixation via the JSESSIONID parameter.

  • CVE-2018-15207HigApr 30, 2019
    risk 0.47cvss 7.2epss 0.01

    BPC SmartVista 2 has Improper Access Control in the SVFE module, where it fails to appropriately restrict access: a normal user is able to access the SVFE2/pages/finadmin/currconvrate/currconvrate.jsf functionality that should be only accessible to an admin.

  • CVE-2022-35554MedAug 19, 2022
    risk 0.40cvss 6.1epss 0.00

    Multiple reflected XSS vulnerabilities occur when handling error message of BPC SmartVista version 3.28.0 allowing an attacker to execute javascript code at client side.