Assaabloy Control Id Idsecure

9 matches found

added 2023/08/03 12:0 a.m. | 2520 views

CVE-2023-33371

CVE-2023-33371 affects Control ID IDSecure 4.7.26.0 and earlier. The vulnerability arises from a hardcoded cryptographic key used to sign and verify JWT session tokens, enabling an attacker to forge tokens and bypass authentication. Exploitation details are not provided in these documents, but th...

CVSS 9.8 | AI score 9.3 | EPSS 0.0085

added 2023/08/03 12:0 a.m. | 2498 views

CVE-2023-33368

CVE-2023-33368 affects Control ID IDSecure 4.7.26.0 and earlier. The issue concerns API routes that exfiltrate sensitive information and passwords to users accessing those routes. Impact: information disclosure (Confidentiality HIGH per CVSS). No fix version is publicly documented in the provided...

CVSS 6.5 | AI score 6.3 | EPSS 0.00541

added 2023/08/03 12:0 a.m. | 55 views

CVE-2023-33370

CVE-2023-33370 affects Control ID IDSecure 4.7.26.0 and earlier. An uncaught exception vulnerability could cause the main web server to fault and crash, resulting in a denial of service. The issue is documented across multiple sources (NVD, Red Hat advisory, CNNVD, etc.). Affected component: IDSe...

CVSS 7.5 | AI score 7.3 | EPSS 0.00629

added 2023/08/05 12:0 a.m. | 54 views

CVE-2023-33367

Control ID IDSecure versions 4.7.26.0 and prior are affected by a SQL injection vulnerability. The flaw allows unauthenticated attackers to write PHP files on the server’s root directory, enabling remote code execution. This is rooted in input handling in IDSecure leading to arbitrary file writes...

CVSS 9.8 | AI score 10 | EPSS 0.01068

added 2023/04/14 10:0 a.m. | 51 views

CVE-2023-2044

CVE-2023-2044 affects Control iD iDSecure 4.7.29.1, specifically the Dispositivos Page component. The vulnerability stems from manipulation of the IP-DNS parameter, leading to cross-site scripting that can be triggered remotely. Public details are provided by multiple sources (e.g., Red Hat, PT-S...

CVSS 6.1 | AI score 4.9 | EPSS 0.00357

added 2023/08/03 12:0 a.m. | 44 views

CVE-2023-33369

Control ID IDSecure versions 4.7.26.0 and earlier are affected by a path traversal vulnerability that could let an attacker delete arbitrary files on the IDSecure filesystem, causing a denial of service. The available documents confirm the product and vulnerable behavior but do not provide specif...

CVSS 9.1 | AI score 8.9 | EPSS 0.00743

added 2025/06/24 7:23 p.m. | 34 views

CVE-2025-49853

CVE-2025-49853 affects ControlID iDSecure On-premises versions 4.7.48.0 and prior. Root cause is an SQL injection vulnerability that could leak arbitrary information and allow insertion of arbitrary SQL syntax into queries, impacting confidentiality and integrity (CVSS 3.1/4.0 CRITICAL). Remediat...

CVSS 9.3 | AI score 7.4 | EPSS 0.00445

added 2025/06/24 7:17 p.m. | 27 views

CVE-2025-49851

The CVE-2025-49851 entry concerns ControlID iDSecure On-premises, affected versions 4.7.48.0 and prior. The root cause is an improper authentication vulnerability that could let an attacker bypass authentication and gain permissions in the product. Public sources in the connected documents corrob...

CVSS 9.8 | AI score 6.5 | EPSS 0.0048

added 2025/06/24 7:19 p.m. | 16 views

CVE-2025-49852

CVE-2025-49852 affects ControlID iDSecure On-premises (versions 4.7.48.0 and prior). The root cause is a Server-Side Request Forgery (SSRF) vulnerability that could allow an unauthenticated attacker to retrieve information from other servers. Public advisories (CISA ICS, Red Hat, CVE list, NVD) c...

CVSS 8.7 | AI score 6.3 | EPSS 0.00357