CVE-2022-38492
https://notcve.org/view.php?id=CVE-2022-38492
An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. One parameter allows SQL injection. Version 2022.1.110.1.02 fixes the vulnerability. • https://excellium-services.com/cert-xlm-advisory/CVE-2022-38492 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-38490
https://notcve.org/view.php?id=CVE-2022-38490
An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Some parameters allow SQL injection. Version 2022.1.110.1.02 corrects this issue. • https://excellium-services.com/cert-xlm-advisory/CVE-2022-38490 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-38489
https://notcve.org/view.php?id=CVE-2022-38489
An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. It is prone to stored Cross-site Scripting (XSS). Version 2022.1.110.1.02 fixes the vulnerability. • https://excellium-services.com/cert-xlm-advisory/CVE-2022-38489 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-38491
https://notcve.org/view.php?id=CVE-2022-38491
An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Part of the application does not implement protection against brute-force attacks. Version 2022.1.133.0 corrects this issue. • https://excellium-services.com/cert-xlm-advisory/CVE-2022-38491 • CWE-307: Improper Restriction of Excessive Authentication Attempts