Lucene search

Bioaccess Ivs Security Vulnerabilities - 2023

cve

CVE-2023-38954

ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability.

9.8CVSS

9.8AI Score

0.001EPSS

2023-08-03 02:15 AM

cve

CVE-2023-38955

ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to obtain sensitive information about all managed devices, including their IP addresses and device names.

7.5CVSS

7.3AI Score

0.001EPSS

2023-08-03 02:15 AM

cve

CVE-2023-38956

A path traversal vulnerability in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload.

7.5CVSS

7.4AI Score

0.001EPSS

2023-08-03 02:15 AM

cve

CVE-2023-38958

An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to arbitrarily close and open the doors managed by the platform remotely via sending a crafted web request.

5.3CVSS

5.3AI Score

0.001EPSS

2023-08-03 02:15 AM