Vendor

Smartvista

Products

CVEs

Across products

Status

Private

Products

SVFE2
5 CVEs
Cardgen
2 CVEs
Smartvista BackOffice
1 CVE

Recent CVEs

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2025-50255	Smartvista Smartvista BackOffice	Hig	0.51	7.8	0.00	Sep 18, 2025	Cross Site Request Forgery (CSRF) vulnerability in Smartvista BackOffice SmartVista Suite 2.2.22 via crafted GET request.
CVE-2022-38619	Smartvista SVFE2		0.00	—	0.01	Sep 20, 2022	SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /SVFE2/pages/feegroups/mcc_group.jsf.
CVE-2022-38618	Smartvista SVFE2		0.00	—	0.01	Sep 19, 2022	SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/country_group.jsf.
CVE-2022-38617	Smartvista SVFE2		0.00	—	0.01	Sep 19, 2022	SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the voiceAudit:j_id97 parameter at /SVFE2/pages/audit/voiceaudit.jsf.
CVE-2022-38616	Smartvista SVFE2		0.00	—	0.01	Sep 13, 2022	SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /feegroups/tgrt_group.jsf.
CVE-2022-38614	Smartvista Cardgen		0.00	—	0.01	Sep 9, 2022	An issue in the IGB Files and OutfileService features of SmartVista Cardgen v3.28.0 allows attackers to list and download arbitrary files via modifying the PATH parameter.
CVE-2022-38615	Smartvista SVFE2		0.00	—	0.01	Sep 9, 2022	SmartVista SVFE2 v2.2.22 was discovered to contain multiple SQL injection vulnerabilities via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/service_group.jsf.
CVE-2022-38613	Smartvista Cardgen		0.00	—	0.01	Sep 9, 2022	A Path Traversal vulnerability in SmartVista Cardgen v3.28.0 allows authenticated attackers to read arbitrary files in the system.

CVE-2025-50255HigSep 18, 2025
Smartvista
Smartvista BackOffice
risk 0.51cvss 7.8epss 0.00
Cross Site Request Forgery (CSRF) vulnerability in Smartvista BackOffice SmartVista Suite 2.2.22 via crafted GET request.
CVE-2022-38619Sep 20, 2022
Smartvista
SVFE2
risk 0.00cvss —epss 0.01
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /SVFE2/pages/feegroups/mcc_group.jsf.
CVE-2022-38618Sep 19, 2022
Smartvista
SVFE2
risk 0.00cvss —epss 0.01
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/country_group.jsf.
CVE-2022-38617Sep 19, 2022
Smartvista
SVFE2
risk 0.00cvss —epss 0.01
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the voiceAudit:j_id97 parameter at /SVFE2/pages/audit/voiceaudit.jsf.
CVE-2022-38616Sep 13, 2022
Smartvista
SVFE2
risk 0.00cvss —epss 0.01
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /feegroups/tgrt_group.jsf.
CVE-2022-38614Sep 9, 2022
Smartvista
Cardgen
risk 0.00cvss —epss 0.01
An issue in the IGB Files and OutfileService features of SmartVista Cardgen v3.28.0 allows attackers to list and download arbitrary files via modifying the PATH parameter.
CVE-2022-38615Sep 9, 2022
Smartvista
SVFE2
risk 0.00cvss —epss 0.01
SmartVista SVFE2 v2.2.22 was discovered to contain multiple SQL injection vulnerabilities via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/service_group.jsf.
CVE-2022-38613Sep 9, 2022
Smartvista
Cardgen
risk 0.00cvss —epss 0.01
A Path Traversal vulnerability in SmartVista Cardgen v3.28.0 allows authenticated attackers to read arbitrary files in the system.