Lucene search
K

87 matches found

NVD
NVD
added 2023/08/03 1:15 a.m.11 views

CVE-2023-33368

Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes...

6.5CVSS6.4AI score0.00541EPSS
Exploits0References2
Prion
Prion
added 2023/08/03 1:15 a.m.16 views

Path traversal

A path traversal vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to delete arbitrary files on IDSecure filesystem, causing a denial of service...

6.4CVSS9AI score0.00743EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/08/03 1:15 a.m.15 views

Information disclosure

Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes...

4CVSS6.3AI score0.00541EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/08/03 1:15 a.m.29 views

Design/Logic Flaw

An uncaught exception vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to cause the main web server of IDSecure to fault and crash, causing a denial of service...

5CVSS7.4AI score0.00629EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/08/03 12:0 a.m.21 views

CVE-2023-33370

An uncaught exception vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to cause the main web server of IDSecure to fault and crash, causing a denial of service...

7.6AI score0.00629EPSS
Exploits0References2
CVE
CVE
added 2023/08/03 12:0 a.m.2499 views

CVE-2023-33368

CVE-2023-33368 affects Control ID IDSecure 4.7.26.0 and earlier. The issue concerns API routes that exfiltrate sensitive information and passwords to users accessing those routes. Impact: information disclosure (Confidentiality HIGH per CVSS). No fix version is publicly documented in the provided...

6.5CVSS6.3AI score0.00541EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/08/03 12:0 a.m.2520 views

CVE-2023-33371

CVE-2023-33371 affects Control ID IDSecure 4.7.26.0 and earlier. The vulnerability arises from a hardcoded cryptographic key used to sign and verify JWT session tokens, enabling an attacker to forge tokens and bypass authentication. Exploitation details are not provided in these documents, but th...

9.8CVSS9.3AI score0.0085EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/03 12:0 a.m.12 views

CVE-2023-33368

Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes...

6.5AI score0.00541EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/08/03 12:0 a.m.4 views

PT-2023-24319 · Control Id · Idsecure

Name of the Vulnerable Software and Affected Versions: Control ID IDSecure versions 4.7.26.0 and prior Description: An uncaught exception vulnerability exists, allowing attackers to cause the main web server of IDSecure to fault and crash, resulting in a denial of service. Recommendations: For...

7.5CVSS7.3AI score0.00629EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/08/03 12:0 a.m.6 views

Control ID IDSecure Trust Management Issue Vulnerability

Control ID IDSecure is software from Control ID that controls access to personnel and vehicles in companies of all sizes. A security vulnerability exists in Control ID IDSecure version 4.7.26.0 and prior versions, which stems from the use of a hard-coded key to sign and verify JWT session tokens,...

9.8CVSS6.9AI score0.0085EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/08/03 12:0 a.m.5 views

Control ID IDSecure Security Vulnerability

Control ID IDSecure is software from Control ID that controls access to personnel and vehicles in companies of all sizes. A security vulnerability exists in Control ID IDSecure version 4.7.26.0 and prior versions, which stems from the presence of a number of API routes, thereby disclosing sensiti...

6.5CVSS6.5AI score0.00541EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/08/03 12:0 a.m.25 views

CVE-2023-33371

Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication...

9.7AI score0.0085EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/08/03 12:0 a.m.12 views

CVE-2023-33369

A path traversal vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to delete arbitrary files on IDSecure filesystem, causing a denial of service...

7AI score0.00743EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/08/03 12:0 a.m.12 views

CVE-2023-33370

An uncaught exception vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to cause the main web server of IDSecure to fault and crash, causing a denial of service...

6.8AI score0.00629EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/03 12:0 a.m.6 views

Control ID IDSecure Path Traversal Vulnerability

Control ID IDSecure is software from Control ID that controls access to personnel and vehicles in companies of all sizes. A security vulnerability exists in Control ID IDSecure version 4.7.26.0 and earlier, which stems from the presence of a path traversal vulnerability that could allow an attack...

9.1CVSS6.8AI score0.00743EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/08/03 12:0 a.m.4 views

PT-2023-24316 · Control Id · Idsecure

Name of the Vulnerable Software and Affected Versions: Control ID IDSecure versions 4.7.26.0 and prior Description: The issue allows some API routes to exfiltrate sensitive information and passwords to users accessing these routes. Recommendations: For Control ID IDSecure versions 4.7.26.0 and...

6.5CVSS6.3AI score0.00541EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/08/03 12:0 a.m.14 views

CVE-2023-33368

Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes...

6.6AI score0.00541EPSS
Exploits0References2
CVE
CVE
added 2023/08/03 12:0 a.m.46 views

CVE-2023-33369

Control ID IDSecure versions 4.7.26.0 and earlier are affected by a path traversal vulnerability that could let an attacker delete arbitrary files on the IDSecure filesystem, causing a denial of service. The available documents confirm the product and vulnerable behavior but do not provide specif...

9.1CVSS8.9AI score0.00743EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/08/03 12:0 a.m.21 views

CVE-2023-33369

A path traversal vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to delete arbitrary files on IDSecure filesystem, causing a denial of service...

9.2AI score0.00743EPSS
Exploits0References2
CVE
CVE
added 2023/08/03 12:0 a.m.57 views

CVE-2023-33370

CVE-2023-33370 affects Control ID IDSecure 4.7.26.0 and earlier. An uncaught exception vulnerability could cause the main web server to fault and crash, resulting in a denial of service. The issue is documented across multiple sources (NVD, Red Hat advisory, CNNVD, etc.). Affected component: IDSe...

7.5CVSS7.3AI score0.00629EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder