MidnightBSD

Advisories for easyvista

CVE-2012-1256 MEDIUM

The single sign-on (SSO) implementation in EasyVista before 2010.1.1.89 allows remote attackers to bypass authentication via a modified url_account parameter, in conjunction with a valid login name in the SSPI_HEADER parameter, to index.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287

Products Affected

Vendor Product Version
easyvista easyvista *

CVE-2021-33231

Cross Site Scripting (XSS) vulnerability in New equipment page in EasyVista Service Manager 2018.1.181.1 allows remote attackers to run arbitrary code via the notes field.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
easyvista service_manager 2018.1.181.1

CVE-2022-38489

An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. It is prone to stored Cross-site Scripting (XSS). Version 2022.1.110.1.02 fixes the vulnerability.

Products Affected

Vendor Product Version
easyvista service_manager 2022.1.109.0.03
easyvista service_manager 2020.2.125.3

CVE-2022-38490

An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Some parameters allow SQL injection. Version 2022.1.110.1.02 corrects this issue.

Products Affected

Vendor Product Version
easyvista service_manager 2022.1.109.0.03
easyvista service_manager 2020.2.125.3

CVE-2022-38491

An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Part of the application does not implement protection against brute-force attacks. Version 2022.1.133.0 corrects this issue.

Products Affected

Vendor Product Version
easyvista service_manager 2022.1.109.0.03
easyvista service_manager 2020.2.125.3

CVE-2022-38492

An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. One parameter allows SQL injection. Version 2022.1.110.1.02 fixes the vulnerability.

Products Affected

Vendor Product Version
easyvista service_manager 2022.1.109.0.03
easyvista service_manager 2020.2.125.3