Vendor
BPC
Products
1
CVEs
4
Across products
4
Status
Private
Products
1- 4 CVEs
Recent CVEs
4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-15206 | Hig | 0.57 | 8.8 | 0.01 | Apr 30, 2019 | BPC SmartVista 2 has CSRF via SVFE2/pages/admpages/roles/createrole.jsf. | ||
| CVE-2018-15208 | Hig | 0.49 | 7.5 | 0.01 | Apr 30, 2019 | BPC SmartVista 2 has Session Fixation via the JSESSIONID parameter. | ||
| CVE-2018-15207 | Hig | 0.47 | 7.2 | 0.01 | Apr 30, 2019 | BPC SmartVista 2 has Improper Access Control in the SVFE module, where it fails to appropriately restrict access: a normal user is able to access the SVFE2/pages/finadmin/currconvrate/currconvrate.jsf functionality that should be only accessible to an admin. | ||
| CVE-2022-35554 | Med | 0.40 | 6.1 | 0.00 | Aug 19, 2022 | Multiple reflected XSS vulnerabilities occur when handling error message of BPC SmartVista version 3.28.0 allowing an attacker to execute javascript code at client side. |
- risk 0.57cvss 8.8epss 0.01
BPC SmartVista 2 has CSRF via SVFE2/pages/admpages/roles/createrole.jsf.
- risk 0.49cvss 7.5epss 0.01
BPC SmartVista 2 has Session Fixation via the JSESSIONID parameter.
- risk 0.47cvss 7.2epss 0.01
BPC SmartVista 2 has Improper Access Control in the SVFE module, where it fails to appropriately restrict access: a normal user is able to access the SVFE2/pages/finadmin/currconvrate/currconvrate.jsf functionality that should be only accessible to an admin.
- risk 0.40cvss 6.1epss 0.00
Multiple reflected XSS vulnerabilities occur when handling error message of BPC SmartVista version 3.28.0 allowing an attacker to execute javascript code at client side.