87 matches found
CVE-2023-33368
Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes...
Path traversal
A path traversal vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to delete arbitrary files on IDSecure filesystem, causing a denial of service...
Information disclosure
Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes...
Design/Logic Flaw
An uncaught exception vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to cause the main web server of IDSecure to fault and crash, causing a denial of service...
CVE-2023-33370
An uncaught exception vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to cause the main web server of IDSecure to fault and crash, causing a denial of service...
CVE-2023-33368
CVE-2023-33368 affects Control ID IDSecure 4.7.26.0 and earlier. The issue concerns API routes that exfiltrate sensitive information and passwords to users accessing those routes. Impact: information disclosure (Confidentiality HIGH per CVSS). No fix version is publicly documented in the provided...
CVE-2023-33371
CVE-2023-33371 affects Control ID IDSecure 4.7.26.0 and earlier. The vulnerability arises from a hardcoded cryptographic key used to sign and verify JWT session tokens, enabling an attacker to forge tokens and bypass authentication. Exploitation details are not provided in these documents, but th...
CVE-2023-33368
Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes...
PT-2023-24319 · Control Id · Idsecure
Name of the Vulnerable Software and Affected Versions: Control ID IDSecure versions 4.7.26.0 and prior Description: An uncaught exception vulnerability exists, allowing attackers to cause the main web server of IDSecure to fault and crash, resulting in a denial of service. Recommendations: For...
Control ID IDSecure Trust Management Issue Vulnerability
Control ID IDSecure is software from Control ID that controls access to personnel and vehicles in companies of all sizes. A security vulnerability exists in Control ID IDSecure version 4.7.26.0 and prior versions, which stems from the use of a hard-coded key to sign and verify JWT session tokens,...
Control ID IDSecure Security Vulnerability
Control ID IDSecure is software from Control ID that controls access to personnel and vehicles in companies of all sizes. A security vulnerability exists in Control ID IDSecure version 4.7.26.0 and prior versions, which stems from the presence of a number of API routes, thereby disclosing sensiti...
CVE-2023-33371
Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication...
CVE-2023-33369
A path traversal vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to delete arbitrary files on IDSecure filesystem, causing a denial of service...
CVE-2023-33370
An uncaught exception vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to cause the main web server of IDSecure to fault and crash, causing a denial of service...
Control ID IDSecure Path Traversal Vulnerability
Control ID IDSecure is software from Control ID that controls access to personnel and vehicles in companies of all sizes. A security vulnerability exists in Control ID IDSecure version 4.7.26.0 and earlier, which stems from the presence of a path traversal vulnerability that could allow an attack...
PT-2023-24316 · Control Id · Idsecure
Name of the Vulnerable Software and Affected Versions: Control ID IDSecure versions 4.7.26.0 and prior Description: The issue allows some API routes to exfiltrate sensitive information and passwords to users accessing these routes. Recommendations: For Control ID IDSecure versions 4.7.26.0 and...
CVE-2023-33368
Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes...
CVE-2023-33369
Control ID IDSecure versions 4.7.26.0 and earlier are affected by a path traversal vulnerability that could let an attacker delete arbitrary files on the IDSecure filesystem, causing a denial of service. The available documents confirm the product and vulnerable behavior but do not provide specif...
CVE-2023-33369
A path traversal vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to delete arbitrary files on IDSecure filesystem, causing a denial of service...
CVE-2023-33370
CVE-2023-33370 affects Control ID IDSecure 4.7.26.0 and earlier. An uncaught exception vulnerability could cause the main web server to fault and crash, resulting in a denial of service. The issue is documented across multiple sources (NVD, Red Hat advisory, CNNVD, etc.). Affected component: IDSe...