Vulnerabilities (CVE)

Filtered by vendor Assaabloy Subscribe

Filtered by product Control Id Idsecure

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2023-33367	1 Assaabloy	1 Control Id Idsecure	2023-08-09	N/A	9.8 CRITICAL
A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on the server's root directory, resulting in remote code execution.
CVE-2023-33369	1 Assaabloy	1 Control Id Idsecure	2023-08-07	N/A	9.1 CRITICAL
A path traversal vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to delete arbitrary files on IDSecure filesystem, causing a denial of service.
CVE-2023-33371	1 Assaabloy	1 Control Id Idsecure	2023-08-05	N/A	9.8 CRITICAL
Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication.