CVE-2022-4778 MEDIUM

CVE-2022-4778: path traversal in elvexys StreamX using StreamView HTML component with public web server feature

Vendor Elvexys
Product StreamX
Published December 28, 2022
Last update April 9, 2025

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

StreamX applications from versions 6.02.01 to 6.04.34 are affected by a path traversal vulnerability that allows authenticated users to get unauthorized access to files on the server's filesystem. StreamX applications using StreamView HTML component with the public web server feature activated are affected.

Key dates

02Disclosure timeline

December 28, 2022 CVE published
April 9, 2025 Record updated