Control ID Idsecure

DATE	CVE	VULNERABILITY TITLE	RISK
2023-08-05	CVE-2023-33367	SQL Injection vulnerability in Assaabloy Control ID Idsecure A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on the server's root directory, resulting in remote code execution. network low complexity assaabloy CWE-89 critical	9.8
2023-08-03	CVE-2023-33368	Exposure of Resource to Wrong Sphere vulnerability in Assaabloy Control ID Idsecure Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes. network low complexity assaabloy CWE-668	6.5
2023-08-03	CVE-2023-33369	Path Traversal vulnerability in Assaabloy Control ID Idsecure A path traversal vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to delete arbitrary files on IDSecure filesystem, causing a denial of service. network low complexity assaabloy CWE-22 critical	9.1
2023-08-03	CVE-2023-33370	Improper Handling of Exceptional Conditions vulnerability in Assaabloy Control ID Idsecure An uncaught exception vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to cause the main web server of IDSecure to fault and crash, causing a denial of service. network low complexity assaabloy CWE-755	7.5
2023-08-03	CVE-2023-33371	Use of Hard-coded Credentials vulnerability in Assaabloy Control ID Idsecure Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication. network low complexity assaabloy CWE-798 critical	9.8
2023-04-14	CVE-2023-2044	Cross-site Scripting vulnerability in Assaabloy Control ID Idsecure 4.7.29.1 A vulnerability has been found in Control iD iDSecure 4.7.29.1 and classified as problematic. network low complexity assaabloy CWE-79	6.1