Vulnerabilities > CVE-2023-38952 - Files or Directories Accessible to External Parties vulnerability in Zkteco Biotime 8.5.5
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
Insecure access control in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read sensitive backup files and access sensitive information such as user credentials via sending a crafted HTTP request to the static files resources of the system.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |