Lucene search

Service Manager Security Vulnerabilities - May

cve

CVE-2021-33231

Cross Site Scripting (XSS) vulnerability in New equipment page in EasyVista Service Manager 2018.1.181.1 allows remote attackers to run arbitrary code via the notes field.

5.4CVSS

5.4AI Score

0.001EPSS

2022-10-20 11:15 AM

cve

CVE-2022-38489

An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03 It is prone to stored Cross-site Scripting (XSS). Version 2022.1.110.1.02 fixes the vulnerably.

5.4CVSS

5.3AI Score

0.001EPSS

2023-01-10 09:15 PM

cve

CVE-2022-38490

An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Some parameters allow SQL injection. Version 2022.1.110.1.02 corrects this issue.

9.6CVSS

9AI Score

0.001EPSS

2023-01-10 09:15 PM

cve

CVE-2022-38491

An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Part of the application does not implement protection against brute-force attacks. Version 2022.1.133.0 corrects this issue.

8.2CVSS

7.5AI Score

0.002EPSS

2023-01-10 09:15 PM

cve

CVE-2022-38492

An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. One parameter allows SQL injection. Version 2022.1.110.1.02 fixes the vulnerability.

8.8CVSS

9AI Score

0.001EPSS

2023-01-10 09:15 PM