CVE-2023-33371
CVE-2023-33371 affects Control ID IDSecure 4.7.26.0 and earlier. The vulnerability arises from a hardcoded cryptographic key used to sign and verify JWT session tokens, enabling an attacker to forge tokens and bypass authentication. Exploitation details are not provided in these documents, but th...
CVE-2023-33368
CVE-2023-33368 affects Control ID IDSecure 4.7.26.0 and earlier. The issue concerns API routes that exfiltrate sensitive information and passwords to users accessing those routes. Impact: information disclosure (Confidentiality HIGH per CVSS). No fix version is publicly documented in the provided...
CVE-2023-33370
CVE-2023-33370 affects Control ID IDSecure 4.7.26.0 and earlier. An uncaught exception vulnerability could cause the main web server to fault and crash, resulting in a denial of service. The issue is documented across multiple sources (NVD, Red Hat advisory, CNNVD, etc.). Affected component: IDSe...
CVE-2023-33367
Control ID IDSecure versions 4.7.26.0 and prior are affected by a SQL injection vulnerability. The flaw allows unauthenticated attackers to write PHP files on the server’s root directory, enabling remote code execution. This is rooted in input handling in IDSecure leading to arbitrary file writes...
CVE-2023-2044
CVE-2023-2044 affects Control iD iDSecure 4.7.29.1, specifically the Dispositivos Page component. The vulnerability stems from manipulation of the IP-DNS parameter, leading to cross-site scripting that can be triggered remotely. Public details are provided by multiple sources (e.g., Red Hat, PT-S...
CVE-2023-33369
Control ID IDSecure versions 4.7.26.0 and earlier are affected by a path traversal vulnerability that could let an attacker delete arbitrary files on the IDSecure filesystem, causing a denial of service. The available documents confirm the product and vulnerable behavior but do not provide specif...
CVE-2025-49853
CVE-2025-49853 affects ControlID iDSecure On-premises versions 4.7.48.0 and prior. The root cause is an SQL injection vulnerability that could leak arbitrary information and allow insertion of arbitrary SQL syntax into queries, impacting confidentiality and integrity (CVSS 3.1/4.0 CRITICAL). Remediat...
CVE-2025-49851
The CVE-2025-49851 entry concerns ControlID iDSecure On-premises, affected versions 4.7.48.0 and prior. The root cause is an improper authentication vulnerability that could let an attacker bypass authentication and gain permissions in the product. Public sources in the connected documents corrob...
CVE-2025-49852
CVE-2025-49852 affects ControlID iDSecure On-premises (versions 4.7.48.0 and prior). The root cause is a Server-Side Request Forgery (SSRF) vulnerability that could allow an unauthenticated attacker to retrieve information from other servers. Public advisories (CISA ICS, Red Hat, CVE list, NVD) c...