Описание
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not properly validate the input module name to the backup services of the software. This could allow a remote attacker to access sensitive functions of the application and execute arbitrary system commands.
Ссылки
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия от 2.0.0 (включая) до 2.6.2 (включая)
cpe:2.3:a:sewio:real-time_location_system_studio:*:*:*:*:*:*:*:*
EPSS
Процентиль: 59%
0.00379
Низкий
9.1 Critical
CVSS3
7.2 High
CVSS3
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 7.2
github
больше 2 лет назад
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not properly validate the input module name to the backup services of the software. This could allow a remote attacker to access sensitive functions of the application and execute arbitrary system commands.
EPSS
Процентиль: 59%
0.00379
Низкий
9.1 Critical
CVSS3
7.2 High
CVSS3
Дефекты
CWE-78