Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-38949 | 1 Zkteco | 1 Biotime | 2023-08-08 | N/A | 7.5 HIGH |
| An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request. | |||||
| CVE-2023-38951 | 1 Zkteco | 1 Biotime | 2023-08-08 | N/A | 9.8 CRITICAL |
| A path traversal vulnerability in ZKTeco BioTime v8.5.5 allows attackers to write arbitrary files via using a malicious SFTP configuration. | |||||
| CVE-2023-38950 | 1 Zkteco | 1 Biotime | 2023-08-08 | N/A | 7.5 HIGH |
| A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. | |||||
| CVE-2023-38952 | 1 Zkteco | 1 Biotime | 2023-08-08 | N/A | 7.5 HIGH |
| Insecure access control in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read sensitive backup files and access sensitive information such as user credentials via sending a crafted HTTP request to the static files resources of the system. | |||||