exploitDog

CVE-2022-45127

Опубликовано: 18 янв. 2023

Источник: nvd

CVSS3: 8.1

EPSS Низкий

Описание

Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site request forgery in its backup services. An attacker could take advantage of this vulnerability to execute arbitrary backup operations and cause a denial-of-service condition.

Ссылки

https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-01
Third Party Advisory
US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-01
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sewio:real-time_location_system_studio:*:*:*:*:*:*:*:*

Версия от 2.0.0 (включая) до 2.6.2 (включая)

EPSS

Процентиль: 23%

0.00075

Низкий

8.1 High

CVSS3

Дефекты

CWE-352

CWE-352

Связанные уязвимости

GHSA-fw5r-85gc-4v62

CVSS3: 8.1

github

больше 2 лет назад

Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site request forgery in its backup services. An attacker could take advantage of this vulnerability to execute arbitrary backup operations and cause a denial-of-service condition.

EPSS

Процентиль: 23%

0.00075

Низкий

8.1 High

CVSS3

Дефекты

CWE-352

CWE-352