CVE-2022-46309 MEDIUM

CVE-2022-46309: Galaxy Software Services Corporation. Vitals ESP - Arbitrary Path File Reading

Vendor Galaxy Software Services Corporation.
Product Vitals ESP
Weakness CWE-22 · Path traversal
Published January 3, 2023
Last update April 10, 2025

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Vitals ESP upload function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to access arbitrary system files.

Key dates

02Disclosure timeline

January 3, 2023 CVE published
April 10, 2025 Record updated