Vulnerabilities > Idemia > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-11-28 CVE-2023-4667 Cross-site Scripting vulnerability in Idemia products
The web interface of the PAC Device allows the device administrator user profile to store malicious scripts in some fields.
network
low complexity
idemia CWE-79
4.8
2021-07-22 CVE-2021-35520 Out-of-bounds Write vulnerability in Idemia products
A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2 allows physically proximate authenticated attackers to achieve code execution, denial of services, and information disclosure via serial ports.
local
low complexity
idemia CWE-787
4.6
2021-07-22 CVE-2021-35521 Path Traversal vulnerability in Idemia products
A path traversal in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2 allows remote authenticated attackers to achieve denial of services and information disclosure via TCP/IP packets.
network
idemia CWE-22
4.9