zkteco biotime vulnerabilities and exploits
5.3
CVSSv3
CVE-2022-30515
ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing a malicious user to view them through filename enumeration.
Zkteco Biotime 8.5.4
Zkteco Biotime 8.5.5
6.8
CVSSv3
CVE-2022-38803
Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log. An authenticated employee can read local files by exploiting XSS into a PDF generator when exporting data as a PDF.
Zkteco Biotime
5.4
CVSSv3
CVE-2022-38801
In Zkteco BioTime < 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting.
Zkteco Biotime
6.2
CVSSv3
CVE-2022-38802
Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday. An authenticated administrator can read local files by exploiting XSS into a pdf generator when exporting data as ...
Zkteco Biotime
7.5
CVSSv3
CVE-2023-38949
An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated malicious users to arbitrarily reset the Administrator password via a crafted web request.
Zkteco Biotime 8.5.5
7.5
CVSSv3
CVE-2023-38950
A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated malicious users to read arbitrary files by supplying a crafted payload.
Zkteco Biotime 8.5.5
9.8
CVSSv3
CVE-2023-38951
A path traversal vulnerability in ZKTeco BioTime v8.5.5 allows malicious users to write arbitrary files by using a malicious SFTP configuration.
Zkteco Biotime 8.5.5
7.5
CVSSv3
CVE-2023-38952
Insecure access control in ZKTeco BioTime v8.5.5 allows unauthenticated malicious users to read sensitive backup files and access sensitive information such as user credentials by sending a crafted HTTP request to the static files resources of the system.
Zkteco Biotime 8.5.5
NA
CVE-2023-51142
An issue in ZKTeco BioTime v.8.5.4 and before allows a remote malicious user to obtain sensitive information.