Vulnerabilities > Empowerid
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-11 | CVE-2023-40260 | Improper Authentication vulnerability in Empowerid 7.205.0.0 EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA (multi factor authentication) requirement if the first factor (username and password) is known, because the first factor is sufficient to change an account's email address, and the product would then send MFA codes to the new email address (which may be attacker-controlled). | 9.1 |
2023-08-06 | CVE-2023-4177 | Insufficient Verification of Data Authenticity vulnerability in Empowerid 7.205.0.0 A vulnerability was found in EmpowerID up to 7.205.0.0. | 5.7 |