Lucene search

TwcertCVELIST:CVE-2022-46309

HistoryJan 03, 2023 - 12:00 a.m.

CVE-2022-46309 Galaxy Software Services Corporation. Vitals ESP - Arbitrary Path File Reading

2023-01-0300:00:00

CWE-22

twcert

www.cve.org

vulnerability

vitals esp

remote attacker

system files

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

48.9%

JSON

Vitals ESP upload function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to access arbitrary system files.

CNA Affected

[
  {
    "vendor": "Galaxy Software Services Corporation.",
    "product": "Vitals ESP",
    "versions": [
      {
        "version": "3.0.8",
        "status": "affected",
        "lessThanOrEqual": "6.2.0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-6785-86407-1.html

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

48.9%

JSON

Related for CVELIST:CVE-2022-46309