CVE-2018-15207

Published: Apr 30, 2019Modified: Nov 21, 2024

7.2

Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

BPC SmartVista 2 has Improper Access Control in the SVFE module, where it fails to appropriately restrict access: a normal user is able to access the SVFE2/pages/finadmin/currconvrate/currconvrate.jsf functionality that should be only accessible to an admin.

Affected (1)

Products: Bpcbt: Smartvista

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Bpcbt Smartvista	Version 2

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://neetech18.blogspot.com/2019/03/incorrect-access-control-smart-vista.html

Source: cve@mitre.org

ExploitThird Party Advisory

https://neetech18.blogspot.com/2019/03/incorrect-access-control-smart-vista.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.