Biotime Security Vulnerabilities and Issues — Biotime CVE List

Lucene search

ZktecoBiotime

4 matches found

CVE•added 2023/08/03 11:15 p.m.•2575 views

CVE-2023-38950

A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload.

7.5CVSS7.8AI score0.82484EPSS

CVE•added 2023/08/03 11:15 p.m.•2520 views

CVE-2023-38949

An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request.

7.5CVSS7.5AI score0.00143EPSS

CVE•added 2023/08/03 11:15 p.m.•65 views

CVE-2023-38952

Insecure access control in ZKTeco BioTime through 9.0.1 allows authenticated attackers to escalate their privileges due to the fact that session ids are not validated for the type of user accessing the application by default. Privilege restrictions between non-admin and admin users are not enforced...

7.5CVSS8.2AI score0.001EPSS

CVE•added 2024/04/11 1:22 a.m.•37 views

CVE-2023-51142

An issue in ZKTeco BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information.

7.5CVSS6.6AI score0.00248EPSS