CVE-2022-38617

Опубликовано: 19 сент. 2022

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the voiceAudit:j_id97 parameter at /SVFE2/pages/audit/voiceaudit.jsf.

Ссылки

http://bpcbt.com
Product
http://smartvista.com
Product
https://dtro.gitbook.io/note_cve/sql-injection-in-terminal-voice-audit-feature-of-smartvista-svfe2-version-2.2.22-cve-2022-38617
Exploit
Third Party Advisory
http://bpcbt.com
Product
http://smartvista.com
Product
https://dtro.gitbook.io/note_cve/sql-injection-in-terminal-voice-audit-feature-of-smartvista-svfe2-version-2.2.22-cve-2022-38617
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bpcbt:smartvista:2.2.22:*:*:*:*:*:*:*

EPSS

Процентиль: 52%

0.00291

Низкий

8.8 High

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-r9w6-4crr-3h35