10 matches found
EUVD-2018-7085
Malware in sbrugna...
EUVD-2018-7086
Malware in sbrugna...
CVE-2018-15208
BPC SmartVista 2 has Session Fixation via the JSESSIONID parameter...
CVE-2018-15206
BPC SmartVista 2 has CSRF via SVFE2/pages/admpages/roles/createrole.jsf...
Session fixation
BPC SmartVista 2 has Session Fixation via the JSESSIONID parameter...
Improper access control
BPC SmartVista 2 has Improper Access Control in the SVFE module, where it fails to appropriately restrict access: a normal user is able to access the SVFE2/pages/finadmin/currconvrate/currconvrate.jsf functionality that should be only accessible to an admin...
CVE-2018-15208
BPC SmartVista 2 has Session Fixation via the JSESSIONID parameter...
CVE-2018-15207
BPC SmartVista 2 has Improper Access Control in the SVFE module, where it fails to appropriately restrict access: a normal user is able to access the SVFE2/pages/finadmin/currconvrate/currconvrate.jsf functionality that should be only accessible to an admin...
CVE-2018-15207
The CVE-2018-15207 entry concerns BPC SmartVista 2, specifically the SVFE module. Affected component: SVFE2/pages/finadmin/currconvrate/currconvrate.jsf. Root cause: Improper access control that allows a normal user to access functionality intended for admins. Impact stated in CVSS metrics is hig...
CVE-2018-15206
CVE-2018-15206 affects BPC SmartVista 2 with a CSRF flaw exposed at SVFE2/pages/admpages/roles/createrole.jsf. CVSSv3 indicates HIGH impact (8.8) with network attack, low complexity, no privileges, but requires user interaction; confidentiality, integrity, and availability are rated HIGH. No reme...