Lucene search
K

78 matches found

Vulnrichment
Vulnrichment
added 2022/09/28 3:25 a.m.6 views

CVE-2022-39033 Smart eVision - Path Traversal -1

Smart eVision’s file acquisition function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication, access restricted paths to download and delete...

9.8CVSS9.6AI score0.01491EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/09/28 3:25 a.m.15 views

CVE-2022-39033 Smart eVision - Path Traversal -1

Smart eVision’s file acquisition function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication, access restricted paths to download and delete...

9.8CVSS9.7AI score0.01491EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/09/28 3:25 a.m.5 views

CVE-2022-39031 Smart eVision - Exposure of Sensitive Information to an Unauthorized Actor -3

Smart eVision has insufficient authorization for task acquisition function. An unauthorized remote attacker can exploit this vulnerability to acquire the Session IDs of other general users only...

5.3CVSS5.3AI score0.00577EPSS
Exploits0References1
CVE
CVE
added 2022/09/28 3:25 a.m.42 views

CVE-2022-39031

CVE-2022-39031 affects Smart eVision where insufficient authorization in the Task Acquisition function can let an unauthorized remote attacker obtain other general users’ Session IDs. The NVD reports a CVSS v3.1 base score of 5.3 (Network, Low attack complexity, Privileges required: None, Confide...

5.3CVSS5.3AI score0.00577EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/09/28 3:25 a.m.4 views

CVE-2022-39032 Smart eVision - Improper Privilege Management

Smart eVision has an improper privilege management vulnerability. A remote attacker with general user privilege can exploit this vulnerability to escalate to administrator privilege, and then perform arbitrary system command or disrupt service...

8.8CVSS9AI score0.00734EPSS
Exploits0References1
CVE
CVE
added 2022/09/28 3:25 a.m.48 views

CVE-2022-39032

Smart eVision (version details not specified in the provided documents) contains an improper privilege management flaw that lets a remote attacker with general user privileges escalate to administrator rights and execute arbitrary system commands or disrupt services. The root cause is described a...

8.8CVSS9AI score0.00734EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/09/28 3:25 a.m.15 views

CVE-2022-39032 Smart eVision - Improper Privilege Management

Smart eVision has an improper privilege management vulnerability. A remote attacker with general user privilege can exploit this vulnerability to escalate to administrator privilege, and then perform arbitrary system command or disrupt service...

8.8CVSS9.1AI score0.00734EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/09/28 3:25 a.m.21 views

CVE-2022-39031 Smart eVision - Exposure of Sensitive Information to an Unauthorized Actor -3

Smart eVision has insufficient authorization for task acquisition function. An unauthorized remote attacker can exploit this vulnerability to acquire the Session IDs of other general users only...

5.3CVSS5.6AI score0.00577EPSS
Exploits0References1
CVE
CVE
added 2022/09/28 3:25 a.m.49 views

CVE-2022-39030

CVE-2022-39030 affects smart eVision. The vulnerability is an inadequate authorization issue for the system information query function, allowing an unauthenticated remote attacker to access sensitive information. CVSSv3.1 base score 7.5 (HIGH) with network attack vector, low complexity, no privil...

7.5CVSS7.5AI score0.0074EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/09/28 3:25 a.m.19 views

CVE-2022-39030 Smart eVision - Exposure of Sensitive Information to an Unauthorized Actor -2

smart eVision has inadequate authorization for system information query function. An unauthenticated remote attacker, who is not explicitly authorized to access the information, can access sensitive information...

7.5CVSS7.7AI score0.0074EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/09/28 3:25 a.m.8 views

CVE-2022-39029 Smart eVision - Exposure of Sensitive Information to an Unauthorized Actor -1

Smart eVision has inadequate authorization for the database query function. A remote attacker with general user privilege, who is not explicitly authorized to access the information, can access sensitive information...

6.5CVSS6.5AI score0.0064EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/09/28 3:25 a.m.16 views

CVE-2022-39029 Smart eVision - Exposure of Sensitive Information to an Unauthorized Actor -1

Smart eVision has inadequate authorization for the database query function. A remote attacker with general user privilege, who is not explicitly authorized to access the information, can access sensitive information...

6.5CVSS6.7AI score0.0064EPSS
Exploits0References1
CVE
CVE
added 2022/09/28 3:25 a.m.40 views

CVE-2022-39029

CVE-2022-39029 concerns Smart eVision, where the database query function has inadequate authorization. A remote attacker with general user privileges, not explicitly allowed to access the queried data, can access sensitive information. The core issue is insufficient access control on database que...

6.5CVSS6.5AI score0.0064EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/09/28 12:0 a.m.3 views

Smart eVision 安全漏洞

Smart eVision Information Technology Smart eVision is a business intelligence platform of China Union Quan Information Technology Smart eVision Information Technology Company. Smart eVision is a business intelligence platform that combines business management rooms, dashboards, reports, and input...

6.5CVSS6.5AI score0.0064EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/09/28 12:0 a.m.5 views

PT-2022-24686 · Unknown · Smart Evision

Name of the Vulnerable Software and Affected Versions: Smart eVision affected versions not specified Description: The issue is related to insufficient authorization for the task acquisition function. An unauthorized remote attacker can exploit this to acquire the Session IDs of other general user...

5.3CVSS5.1AI score0.00577EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/09/28 12:0 a.m.5 views

Smart eVision 路径遍历漏洞

Smart eVision Information Technology Smart eVision is a business intelligence platform of China Union Quan Information Technology Smart eVision Information Technology Company. It can integrate business management room, dashboards, reports, and input interfaces for business operation management...

9.8CVSS8.4AI score0.01491EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/09/28 12:0 a.m.5 views

PT-2022-24684 · Unknown · Smart Evision

Name of the Vulnerable Software and Affected Versions: Smart eVision affected versions not specified Description: The issue concerns inadequate authorization for the database query function. A remote attacker with general user privilege, who is not explicitly authorized to access the information,...

6.5CVSS6.3AI score0.0064EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/09/28 12:0 a.m.5 views

PT-2022-24685 · Unknown · Smart Evision

Name of the Vulnerable Software and Affected Versions: smart eVision affected versions not specified Description: The issue is related to inadequate authorization for the system information query function. An unauthenticated remote attacker can access sensitive information without being explicitl...

7.5CVSS7.4AI score0.0074EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/09/28 12:0 a.m.5 views

Smart eVision 安全漏洞

Smart eVision Information Technology Smart eVision is a business intelligence platform of China Union Quan Information Technology Smart eVision Information Technology Company. It can integrate business management rooms, dashboards, reports, and input interfaces for business operations management...

5.3CVSS5.8AI score0.00577EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/09/28 12:0 a.m.4 views

Smart eVision 路径遍历漏洞

Smart eVision Information Technology Smart eVision is a business intelligence platform of China Union Quan Information Technology Smart eVision Information Technology Company. Smart eVision is a business intelligence platform that combines business management rooms, dashboards, reports, and input...

6.5CVSS6.6AI score0.01174EPSS
Exploits0References2
Rows per page
Query Builder