Description
Galaxy Software Services Vitals ESP is vulnerable to use of a hard-coded encryption key. An unauthenticated remote attacker can generate a valid token parameter and exploit this vulnerability to access the system, operate processes and access data.
This issue affects Vitals ESP: from 3.0.8 through 6.2.0.
References
- Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions from 3.0.8 (inclusive) to 6.2.0 (inclusive)
cpe:2.3:a:gss:vitals_enterprise_social_platform:*:*:*:*:*:*:*:*
EPSS
Percentile: 47%
0.00238 (Low)
CVSS3: 8.6 High
CVSS3: 9.8 Critical
Weaknesses
CWE-321
Related vulnerabilities
CVSS3: 8.6
github
more than 2 years ago
Galaxy Software Services Vitals ESP is vulnerable to use of a hard-coded encryption key. An unauthenticated remote attacker can generate a valid token parameter and exploit this vulnerability to access the system, operate processes and access data. This issue affects Vitals ESP: from 3.0.8 through 6.2.0.