TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center


Galaxy Software Services Vitals ESP - Use of Hard-coded Cryptographic Key

TVN ID: TVN-202307009
CVE ID: CVE-2023-37291
CVSS: 8.6 (High)
Affected Products: Vitals ESP: 3.0.8 ~ 6.2.0
Description: Galaxy Software Services Vitals ESP uses a hard-coded encryption key. An unauthenticated remote attacker can generate a valid token parameter and exploit this vulnerability to access the system with regular user privileges, run relevant processes, and access data.
Solution: Contact the Galaxy Software Services support team.
Credit: Cyku (DEVCORE)
Public Date: 2023-09-19