Vulnerabilities > Sewio
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-18 | CVE-2022-41989 | Out-of-bounds Write vulnerability in Sewio Real-Time Location System Studio: Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not validate the length of RTLS report payloads during communication. | 9.8 |
2023-01-18 | CVE-2022-43455 | Improper Input Validation vulnerability in Sewio Real-Time Location System Studio: Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to improper input validation of user input to the service_start, service_stop, and service_restart modules of the software. | 6.5 |
2023-01-18 | CVE-2022-43483 | OS Command Injection vulnerability in Sewio Real-Time Location System Studio: Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not properly validate the input module name to the monitor services of the software. | 7.2 |
2023-01-18 | CVE-2022-45127 | Cross-Site Request Forgery (CSRF) vulnerability in Sewio Real-Time Location System Studio: Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site request forgery in its backup services. | 8.1 |
2023-01-18 | CVE-2022-45444 | Use of Hard-coded Credentials vulnerability in Sewio Real-Time Location System Studio: Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 contains hard-coded passwords for select users in the application’s database. | 9.8 |
2023-01-18 | CVE-2022-46733 | Cross-site Scripting vulnerability in Sewio Real-Time Location System Studio: Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site scripting in its backup services. | 9.6 |
2023-01-18 | CVE-2022-47395 | Cross-Site Request Forgery (CSRF) vulnerability in Sewio Real-Time Location System Studio: Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site request forgery in its monitor services. | 8.1 |
2023-01-18 | CVE-2022-47911 | OS Command Injection vulnerability in Sewio Real-Time Location System Studio: Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not properly validate the input module name to the backup services of the software. | 7.2 |
2023-01-18 | CVE-2022-47917 | Improper Input Validation vulnerability in Sewio Real-Time Location System Studio: Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to improper input validation of user input to several modules and services of the software. | 6.5 |