VYPR
Vendor

Easyvista

Products
2
CVEs
6
Across products
6
Status
Private

Products

2

Recent CVEs

6
  • CVE-2022-38490CriJan 10, 2023
    risk 0.62cvss 9.6epss 0.01

    An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Some parameters allow SQL injection. Version 2022.1.110.1.02 corrects this issue.

  • CVE-2022-38491HigJan 10, 2023
    risk 0.53cvss 8.2epss 0.01

    An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Part of the application does not implement protection against brute-force attacks. Version 2022.1.133.0 corrects this issue.

  • CVE-2022-38492HigJan 10, 2023
    risk 0.50cvss 7.7epss 0.01

    An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. One parameter allows SQL injection. Version 2022.1.110.1.02 fixes the vulnerability.

  • CVE-2021-33231MedOct 20, 2022
    risk 0.35cvss 5.4epss 0.01

    Cross Site Scripting (XSS) vulnerability in New equipment page in EasyVista Service Manager 2018.1.181.1 allows remote attackers to run arbitrary code via the notes field.

  • CVE-2022-38489MedJan 10, 2023
    risk 0.31cvss 4.8epss 0.00

    An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03 It is prone to stored Cross-site Scripting (XSS). Version 2022.1.110.1.02 fixes the vulnerably.

  • CVE-2012-1256Feb 22, 2012
    risk 0.00cvss epss 0.01

    The single sign-on (SSO) implementation in EasyVista before 2010.1.1.89 allows remote attackers to bypass authentication via a modified url_account parameter, in conjunction with a valid login name in the SSPI_HEADER parameter, to index.php.