Biotime Security Vulnerabilities - 2023


CVE-2023-38949

An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request.

CVSS: 7.5

AI Score: 7.5

EPSS: 0.001

2023-08-03 11:15 PM

CVE-2023-38950

A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files by supplying a crafted payload.

CVSS: 7.5

AI Score: 7.8

EPSS: 0.002

2023-08-03 11:15 PM

CVE-2023-38951

A path traversal vulnerability in ZKTeco BioTime v8.5.5 allows attackers to write arbitrary files by using a malicious SFTP configuration.

CVSS: 9.8

AI Score: 9.3

EPSS: 0.002

2023-08-03 11:15 PM

CVE-2023-38952

Insecure access control in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read sensitive backup files and access sensitive information, such as user credentials, by sending a crafted HTTP request to the system's static file resources.

CVSS: 7.5

AI Score: 7.7

EPSS: 0.002

2023-08-03 11:15 PM