NotCVE - vendor:"Easyvista" product:"Service Manager"

5 results (0.003 seconds)

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2022-38492

https://notcve.org/view.php?id=CVE-2022-38492

An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. One parameter allows SQL injection. Version 2022.1.110.1.02 fixes the vulnerability. Se descubrió un problema en EasyVista 2020.2.125.3 y 2022.1.109.0.03. Un parámetro permite la inyección de SQL. • https://excellium-services.com/cert-xlm-advisory/CVE-2022-38492 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.6EPSS: 0%CPEs: 2EXPL: 0

CVE-2022-38490

https://notcve.org/view.php?id=CVE-2022-38490

An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Some parameters allow SQL injection. Version 2022.1.110.1.02 corrects this issue. Se descubrió un problema en EasyVista 2020.2.125.3 y 2022.1.109.0.03. Algunos parámetros permiten la inyección de SQL. • https://excellium-services.com/cert-xlm-advisory/CVE-2022-38490 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0

CVE-2022-38489

https://notcve.org/view.php?id=CVE-2022-38489

An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03 It is prone to stored Cross-site Scripting (XSS). Version 2022.1.110.1.02 fixes the vulnerably. Se descubrió un problema en EasyVista 2020.2.125.3 y 2022.1.109.0.03. Es propenso a cross site scripting (XSS) almacenados. La versión 2022.1.110.1.02 corrige la vulnerabilidad. • https://excellium-services.com/cert-xlm-advisory/CVE-2022-38489 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0

CVE-2022-38491

https://notcve.org/view.php?id=CVE-2022-38491

An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Part of the application does not implement protection against brute-force attacks. Version 2022.1.133.0 corrects this issue. Se descubrió un problema en EasyVista 2020.2.125.3 y 2022.1.109.0.03. Parte de la aplicación no implementa protección contra ataques de fuerza bruta. • https://excellium-services.com/cert-xlm-advisory/CVE-2022-38491 • CWE-307: Improper Restriction of Excessive Authentication Attempts •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2021-33231

https://notcve.org/view.php?id=CVE-2021-33231

Cross Site Scripting (XSS) vulnerability in New equipment page in EasyVista Service Manager 2018.1.181.1 allows remote attackers to run arbitrary code via the notes field. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en la página New equipment en EasyVista Service Manager versión 2018.1.181.1, permite a atacantes remotos ejecutar código arbitrario por medio del campo de notas • http://easyvista.com https://armysick.github.io/cve-2021-33231 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •