Vulnerability Details : CVE-2022-4778
StreamX applications from versions 6.02.01 to 6.04.34 are affected by a path traversal vulnerability that allows authenticated users to get unauthorized access to files on the server's filesystem. StreamX applications using the StreamView HTML component with the public web server feature activated are affected.
Published: 2022-12-29 00:15:09
Updated: 2023-01-06 17:00:46
Vulnerability category: Directory traversal, Bypass
Products affected by CVE-2022-4778
- cpe:2.3:a:elvexys:streamx:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-4778
0.07%: probability of exploitation activity in the next 30 days
~29%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-4778
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 | NIST | |
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 | Switzerland Government Common Vulnerability Program | |
CWE ids for CVE-2022-4778
- The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-4778
- https://elvexys.com/products/xpg-gateway-rtu-protocol-converter/streamx-release-notes/
  StreamX release notes - Elvexys SA (Release Notes; Vendor Advisory)