Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

easyvista

Source -

NVD

BOS Name -

N/A

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

6
Related CVEsRelated ProductsRelated AssignersReports
6Vulnerabilities found
CVE-2022-38489
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.06% / 19.93%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-09 Apr, 2025 | 15:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03 It is prone to stored Cross-site Scripting (XSS). Version 2022.1.110.1.02 fixes the vulnerably.

Action-Not Available
Vendor-easyvistan/a
Product-service_managern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-38490
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.08% / 24.12%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-09 Apr, 2025 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Some parameters allow SQL injection. Version 2022.1.110.1.02 corrects this issue.

Action-Not Available
Vendor-easyvistan/a
Product-service_managern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-38491
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.2||HIGH
EPSS-0.13% / 32.67%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-09 Apr, 2025 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Part of the application does not implement protection against brute-force attacks. Version 2022.1.133.0 corrects this issue.

Action-Not Available
Vendor-easyvistan/a
Product-service_managern/a
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2022-38492
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.7||HIGH
EPSS-0.08% / 23.86%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-09 Apr, 2025 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. One parameter allows SQL injection. Version 2022.1.110.1.02 fixes the vulnerability.

Action-Not Available
Vendor-easyvistan/a
Product-service_managern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-33231
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.16% / 37.06%
||
7 Day CHG~0.00%
Published-20 Oct, 2022 | 00:00
Updated-08 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Scripting (XSS) vulnerability in New equipment page in EasyVista Service Manager 2018.1.181.1 allows remote attackers to run arbitrary code via the notes field.

Action-Not Available
Vendor-easyvistan/a
Product-service_managern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-1256
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.39% / 59.33%
||
7 Day CHG~0.00%
Published-22 Feb, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The single sign-on (SSO) implementation in EasyVista before 2010.1.1.89 allows remote attackers to bypass authentication via a modified url_account parameter, in conjunction with a valid login name in the SSPI_HEADER parameter, to index.php.

Action-Not Available
Vendor-easyvistan/a
Product-easyvistan/a
CWE ID-CWE-287
Improper Authentication