Vulnerabilities for 'Smartvista'

2019-04-30
 
CVE-2018-15208

CWE-384
 

 
BPC SmartVista 2 has Session Fixation via the JSESSIONID parameter.

 
 
CVE-2018-15207

CWE-269
 

 
BPC SmartVista 2 has Improper Access Control in the SVFE module, where it fails to appropriately restrict access: a normal user is able to access the SVFE2/pages/finadmin/currconvrate/currconvrate.jsf functionality that should be only accessible to an admin.

 
 
CVE-2018-15206

CWE-352
 

 
BPC SmartVista 2 has CSRF via SVFE2/pages/admpages/roles/createrole.jsf.

 


Copyright 2024, cxsecurity.com

 
