CVE-2022-38492
https://notcve.org/view.php?id=CVE-2022-38492
An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. One parameter allows SQL injection. Version 2022.1.110.1.02 fixes the vulnerability. • https://excellium-services.com/cert-xlm-advisory/CVE-2022-38492 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-38490
https://notcve.org/view.php?id=CVE-2022-38490
An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Some parameters allow SQL injection. Version 2022.1.110.1.02 corrects this issue. • https://excellium-services.com/cert-xlm-advisory/CVE-2022-38490 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-38489
https://notcve.org/view.php?id=CVE-2022-38489
An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. It is prone to stored Cross-site Scripting (XSS). Version 2022.1.110.1.02 fixes the vulnerability. • https://excellium-services.com/cert-xlm-advisory/CVE-2022-38489 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-38491
https://notcve.org/view.php?id=CVE-2022-38491
An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Part of the application does not implement protection against brute-force attacks. Version 2022.1.133.0 corrects this issue. • https://excellium-services.com/cert-xlm-advisory/CVE-2022-38491 • CWE-307: Improper Restriction of Excessive Authentication Attempts
CVE-2021-38560
https://notcve.org/view.php?id=CVE-2021-38560
Ivanti Service Manager 2021.1 allows reflected XSS via the appName parameter associated with ConfigDB calls, such as in RelocateAttachments.aspx. • https://github.com/os909/iVANTI-CVE-2021-38560 • https://forums.ivanti.com/s/article/Ivanti-Service-Manager-Asset-Manager-2021-1-Release-Notes?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')