cvedb.io
CVE-2018-15207
HIGH · CVSS 7.2
EPSS exploitation probability: 0%
Published 2019-04-30T19:29:02.377 · Last modified 2026-06-17T01:42:13.760

Summary

BPC SmartVista 2 has Improper Access Control in the SVFE module, where it fails to appropriately restrict access: a normal user is able to access the SVFE2/pages/finadmin/currconvrate/currconvrate.jsf functionality that should be only accessible to an admin.

Affected products

bpcbt — smartvista

Does this affect you?

Add your gear to cvedb and we'll alert you only when bpcbt ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.