Lucene search

K
AssaabloyControl Id Idsecure

6 matches found

CVE
CVE
added 2023/08/03 1:15 a.m.2497 views

CVE-2023-33371

Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication.

9.8CVSS9.3AI score0.00054EPSS
CVE
CVE
added 2023/08/03 1:15 a.m.2484 views

CVE-2023-33368

Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes.

6.5CVSS6.3AI score0.00158EPSS
CVE
CVE
added 2023/08/03 1:15 a.m.44 views

CVE-2023-33370

An uncaught exception vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to cause the main web server of IDSecure to fault and crash, causing a denial of service.

7.5CVSS7.3AI score0.00186EPSS
CVE
CVE
added 2023/04/14 10:15 a.m.40 views

CVE-2023-2044

A vulnerability has been found in Control iD iDSecure 4.7.29.1 and classified as problematic. This vulnerability affects unknown code of the component Dispositivos Page. The manipulation of the argument IP-DNS leads to cross site scripting. The attack can be initiated remotely. VDB-225922 is the id...

6.1CVSS4.9AI score0.00059EPSS
CVE
CVE
added 2023/08/05 2:15 a.m.39 views

CVE-2023-33367

A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on the server's root directory, resulting in remote code execution.

9.8CVSS10AI score0.01075EPSS
CVE
CVE
added 2023/08/03 1:15 a.m.32 views

CVE-2023-33369

A path traversal vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to delete arbitrary files on IDSecure filesystem, causing a denial of service.

9.1CVSS8.9AI score0.00593EPSS