CVE-2022-4779 HIGH

CVE-2022-4779: authentication bypass in elvexys StreamX using StreamView HTML component with public web server feature

Vendor Elvexys
Product StreamX
Published December 28, 2022
Last update April 10, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

StreamX applications from versions 6.02.01 to 6.04.34 are affected by a logic bug that allows to bypass the implemented authentication scheme. StreamX applications using StreamView HTML component with the public web server feature activated are affected.

Key dates

02Disclosure timeline

December 28, 2022 CVE published
April 10, 2025 Record updated