ZktecoBiotime8.5.5

5 matches found

CVE, added 2023/08/03 11:15 p.m., 2573 views

CVE-2023-38950

A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload.

CVSS 7.5, AI score 7.8, EPSS 0.82484

CVE, added 2023/08/03 11:15 p.m., 2520 views

CVE-2023-38949

An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request.

CVSS 7.5, AI score 7.5, EPSS 0.00143

CVE, added 2023/08/03 11:15 p.m., 94 views

CVE-2023-38951

ZKTeco BioTime 8.5.5 through 9.x before 9.0.1 (20240617.19506) allows authenticated attackers to create or overwrite arbitrary files on the server via crafted requests to /base/sftpsetting/ endpoints that abuse a path traversal issue in the Username field and a lack of input sanitization on the SSH...

CVSS 9.8, AI score 9.6, EPSS 0.00522

CVE, added 2023/08/03 11:15 p.m., 65 views

CVE-2023-38952

Insecure access control in ZKTeco BioTime through 9.0.1 allows authenticated attackers to escalate their privileges due to the fact that session ids are not validated for the type of user accessing the application by default. Privilege restrictions between non-admin and admin users are not enforced...

CVSS 7.5, AI score 8.2, EPSS 0.001

CVE, added 2022/11/08 11:15 p.m., 53 views

CVE-2022-30515

ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an attacker to view them through filename enumeration.

CVSS 5.3, AI score 5.4, EPSS 0.00198