CVE-2022-39031 MEDIUM

CVE-2022-39031: Smart eVision - Exposure of Sensitive Information to an Unauthorized Actor -3

Vendor Smart Evision Information Technology Inc.

Product Smart eVision

Weakness CWE-200 · Info exposure

Published September 28, 2022

Last update May 21, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Smart eVision has insufficient authorization for task acquisition function. An unauthorized remote attacker can exploit this vulnerability to acquire the Session IDs of other general users only.

Key dates

02Disclosure timeline

September 28, 2022 CVE published

May 21, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-39031

Related vulnerabilities

04Related CVE

CVE-2023-39951 Instrumentation for AWS SDK v2 captures email content when using Amazon Simple Email Service (SES) v1 API, exposing that content to the telemetry backend CVE-2023-28765 Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Promotion Management ) CVE-2025-30291 ColdFusion | Information Exposure (CWE-200) CVE-2025-43018 Certain HP LaserJet Pro Printers – Potential Information Disclosure CVE-2023-0248 Kantech Gen1 ioSmart card reader

Identifiers

CVE CVE-2022-39031

CWE CWE-200

CVSS 5.3 / MEDIUM

Affected versions

Vendor Smart Evision Information Technology Inc.

Product Smart eVision

Affected 2022.02.21