Vulnerabilities > Hypr
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-16 | CVE-2023-5097 | Improper Input Validation vulnerability in Hypr Workforce Access Improper Input Validation vulnerability in HYPR Workforce Access on Windows allows Path Traversal.This issue affects Workforce Access: before 8.7. | 5.5 |
| 2024-01-16 | CVE-2023-6334 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hypr Workforce Access Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in HYPR Workforce Access on Windows allows Overflow Buffers.This issue affects Workforce Access: before 8.7. | 7.8 |
| 2024-01-16 | CVE-2023-6335 | Link Following vulnerability in Hypr Workforce Access Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on Windows allows User-Controlled Filename.This issue affects Workforce Access: before 8.7. | 7.8 |
| 2024-01-16 | CVE-2023-6336 | Link Following vulnerability in Hypr Workforce Access Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows User-Controlled Filename.This issue affects Workforce Access: before 8.7. | 7.8 |
| 2023-05-23 | CVE-2023-1837 | Missing Authentication for Critical Function vulnerability in Hypr Server Missing Authentication for critical function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs.This issue affects HYPR Server: before 8.0 (with enabled Legacy APIs) | 8.8 |
| 2023-04-28 | CVE-2023-0834 | Incorrect Permission Assignment for Critical Resource vulnerability in Hypr Workforce Access Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on MacOS allows Privilege Escalation.This issue affects Workforce Access: from 6.12 before 8.1. | 9.8 |
| 2023-04-28 | CVE-2023-1477 | Improper Authentication vulnerability in Hypr Keycloak Authenticator 8.0.0 Improper Authentication vulnerability in HYPR Keycloak Authenticator Extension allows Authentication Abuse.This issue affects HYPR Keycloak Authenticator Extension: before 7.10.2, before 8.0.3. | 8.8 |
| 2022-11-03 | CVE-2022-3258 | Incorrect Permission Assignment for Critical Resource vulnerability in Hypr Workforce Access Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on Windows allows Authentication Abuse. | 8.8 |
| 2022-07-19 | CVE-2022-1984 | Deserialization of Untrusted Data vulnerability in Hypr Workforce Access This issue affects: HYPR Windows WFA versions prior to 7.2; Unsafe Deserialization vulnerability in HYPR Workforce Access (WFA) before version 7.2 may allow local authenticated attackers to elevate privileges via a malicious serialized payload. | 7.8 |
| 2022-07-19 | CVE-2022-2192 | Forced Browsing vulnerability in Hypr Server 6.10/6.14.1/6.15.1 Forced Browsing vulnerability in HYPR Server version 6.10 to 6.15.1 allows remote attackers with a valid one-time recovery token to elevate privileges via path tampering in the Magic Link page. | 8.8 |