Lucene search
K
LcnetSmart Evision

7 matches found

CVE
CVE
added 2022/09/28 3:25 a.m.277 views

CVE-2022-39034

CVE-2022-39034 concerns Smart eVision, where the Report API is vulnerable to a path traversal due to insufficient filtering of special URL characters. The vulnerability allows a remote user with general (low) privileges to bypass authentication, access restricted paths, and download system files....

6.5CVSS6.5AI score0.01206EPSS
CVE
CVE
added 2022/09/28 3:25 a.m.50 views

CVE-2022-39032

Smart eVision (version details not specified in the provided documents) contains an improper privilege management flaw that lets a remote attacker with general user privileges escalate to administrator rights and execute arbitrary system commands or disrupt services. The root cause is described a...

8.8CVSS9AI score0.00754EPSS
CVE
CVE
added 2022/09/28 3:25 a.m.50 views

CVE-2022-39035

CVE-2022-39035 concerns Smart eVision, where insufficient filtering of special characters in a POST Data parameter in a specific function enables an unauthenticated, remote attacker to inject JavaScript for a Stored XSS. Affected software is Smart eVision; the vulnerability stems from inadequate ...

6.1CVSS6.1AI score0.00508EPSS
CVE
CVE
added 2022/09/28 3:25 a.m.49 views

CVE-2022-39030

CVE-2022-39030 affects smart eVision. The vulnerability is an inadequate authorization issue for the system information query function, allowing an unauthenticated remote attacker to access sensitive information. CVSSv3.1 base score 7.5 (HIGH) with network attack vector, low complexity, no privil...

7.5CVSS7.5AI score0.0076EPSS
CVE
CVE
added 2022/09/28 3:25 a.m.47 views

CVE-2022-39033

CVE-2022-39033 affects Smart eVision’s file acquisition function. The root cause is insufficient filtering of special characters in the URL parameter, enabling a path traversal vulnerability. An unauthenticated attacker can bypass authentication and access restricted paths to download and delete ...

9.8CVSS9.7AI score0.01532EPSS
CVE
CVE
added 2022/09/28 3:25 a.m.42 views

CVE-2022-39031

CVE-2022-39031 affects Smart eVision where insufficient authorization in the Task Acquisition function can let an unauthorized remote attacker obtain other general users’ Session IDs. The NVD reports a CVSS v3.1 base score of 5.3 (Network, Low attack complexity, Privileges required: None, Confide...

5.3CVSS5.3AI score0.00592EPSS
CVE
CVE
added 2022/09/28 3:25 a.m.40 views

CVE-2022-39029

CVE-2022-39029 concerns Smart eVision, where the database query function has inadequate authorization. A remote attacker with general user privileges, not explicitly allowed to access the queried data, can access sensitive information. The core issue is insufficient access control on database que...

6.5CVSS6.5AI score0.00658EPSS