Galaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key. An unauthenticated remote attacker can generate a valid token parameter and exploit this vulnerability to access system to operate processes and access data.
This issue affects Vitals ESP: from 3.0.8 through 6.2.0.
References
| Link | Resource |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-7224-4fe1f-1.html | Third Party Advisory |
Configurations
History
14 Oct 2024, 04:15
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-321 | |
| Summary | (en) Galaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key. An unauthenticated remote attacker can generate a valid token parameter and exploit this vulnerability to access system to operate processes and access data. This issue affects Vitals ESP: from 3.0.8 through 6.2.0. |
31 Jul 2023, 18:33
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://www.twcert.org.tw/tw/cp-132-7224-4fe1f-1.html - Third Party Advisory | |
| CPE | cpe:2.3:a:gss:vitals_enterprise_social_platform:*:*:*:*:*:*:*:* | |
| First Time |
Gss
Gss vitals Enterprise Social Platform |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
21 Jul 2023, 04:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-07-21 04:15
Updated : 2024-10-14 04:15
NVD link : CVE-2023-37291
Mitre link : CVE-2023-37291
CVE.ORG link : CVE-2023-37291
JSON object : View
Products Affected
gss
- vitals_enterprise_social_platform
CWE
CWE-321
Use of Hard-coded Cryptographic Key