131 matches found
CVE-2023-51142
This CVE affects ZKTeco BioTime software, specifically versions 8.5.4 and earlier. The publicly documented impact is that a remote attacker can obtain sensitive information. The connected PT-2024-14056 entry confirms remediation guidance: update to a version later than 8.5.4 to resolve the issue....
CVE-2023-51141
An issue in ZKTeco BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information via the Authentication & Authorization component...
PT-2024-14055 · Zkteco · Zkteco Biotime
Name of the Vulnerable Software and Affected Versions: ZKTeco BioTime versions 8.5.4 and earlier. Description: An issue in the Authentication & Authorization component allows a remote attacker to obtain sensitive information. Monitor access logs for unusual activity. Recommendations: For ZKTeco...
CVE-2023-51142
An issue in ZKTeco BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information...
ZKTeco BioTime Password Reset Vulnerability
ZKTeco BioTime is a powerful web-based time and attendance management software from ZKTeco, China. A password reset vulnerability exists in ZKTeco BioTime, which can be exploited by an attacker to arbitrarily reset the administrator's password via a crafted web request...
A vulnerability in the BioTime time-logging management web platform, related to deficiencies in access control, allows an attacker to gain unauthorized access to protected information.
This vulnerability in the BioTime time-logging management web platform is related to deficiencies in access control. Exploiting it could allow a remote attacker to gain unauthorized access to protected information by sending a specially crafted HTTP request...
A vulnerability in the iclock interface of the BioTime web-based time tracking platform allows an attacker to read arbitrary files.
This vulnerability in the iclock interface of the BioTime time tracking management web platform is related to errors in processing the relative path to a directory. Exploiting it can allow a remote attacker to gain read access to arbitrary files...
A vulnerability in the interface of the BioTime web-based time management platform allows an attacker to bypass the administrator password
This vulnerability in the interface of the BioTime time tracking web management platform is related to the use of dangerous methods or functions. Exploiting it could allow a malicious actor to bypass the administrator's password by sending a specially crafted request...
A vulnerability in the SFTP (Secure File Transfer Protocol) implementation of the BioTime time management web platform allows an attacker to write arbitrary files.
This vulnerability in the SFTP (Secure File Transfer Protocol) implementation of the BioTime time-off management web platform is related to errors in processing the relative path to a directory. Exploiting it allows a remote attacker to write arbitrary files...
CVE-2023-38952
Insecure access control in ZKTeco BioTime through 9.0.1 allows authenticated attackers to escalate their privileges due to the fact that session ids are not validated for the type of user accessing the application by default. Privilege restrictions between non-admin and admin users are not enforc...
CVE-2023-38950
A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. This vulnerability was fixed in version 9.0.120240617.19506 of ZKBioTime...
CVE-2023-38949
An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request...
Path traversal
A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload...
Path traversal
A path traversal vulnerability in ZKTeco BioTime v8.5.5 allows attackers to write arbitrary files via using a malicious SFTP configuration...
Cross-site request forgery (CSRF)
An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request...
Design/Logic Flaw
Insecure access control in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read sensitive backup files and access sensitive information such as user credentials via sending a crafted HTTP request to the static files resources of the system...