8.8CVSS
8.7AI Score
0.001EPSS
BPC SmartVista 2 has Improper Access Control in the SVFE module, where it fails to appropriately restrict access: a normal user is able to access the SVFE2/pages/finadmin/currconvrate/currconvrate.jsf functionality that should be only accessible to an admin.
7.2CVSS
6.8AI Score
0.001EPSS
7.5CVSS
7.5AI Score
0.002EPSS
Multiple reflected XSS vulnerabilities occur when handling error message of BPC SmartVista version 3.28.0 allowing an attacker to execute javascript code at client side.
6.1CVSS
6.3AI Score
0.001EPSS
A Path Traversal vulnerability in SmartVista Cardgen v3.28.0 allows authenticated attackers to read arbitrary files in the system.
6.5CVSS
6.2AI Score
0.002EPSS
An issue in the IGB Files and OutfileService features of SmartVista Cardgen v3.28.0 allows attackers to list and download arbitrary files via modifying the PATH parameter.
7.5CVSS
7.5AI Score
0.002EPSS
SmartVista SVFE2 v2.2.22 was discovered to contain multiple SQL injection vulnerabilities via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/service_group.jsf.
8.8CVSS
9.2AI Score
0.001EPSS
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /feegroups/tgrt_group.jsf.
8.8CVSS
8.9AI Score
0.002EPSS
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the voiceAudit:j_id97 parameter at /SVFE2/pages/audit/voiceaudit.jsf.
8.8CVSS
8.9AI Score
0.001EPSS
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/country_group.jsf.
8.8CVSS
8.9AI Score
0.001EPSS
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /SVFE2/pages/feegroups/mcc_group.jsf.
9.8CVSS
9.8AI Score
0.002EPSS