Vulnerabilities > Zkteco > Biotime

DATE CVE VULNERABILITY TITLE RISK
2024-07-05 CVE-2024-6523 Cross-site Scripting vulnerability in Zkteco Biotime 8.5.3/8.5.4/8.5.5
A vulnerability was found in ZKTeco BioTime up to 9.5.2.
network
low complexity
zkteco CWE-79
5.4
2023-08-03 CVE-2023-38949 Unspecified vulnerability in Zkteco Biotime 8.5.5
An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request.
network
low complexity
zkteco
7.5
2023-08-03 CVE-2023-38950 Path Traversal vulnerability in Zkteco Biotime 8.5.5
A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload.
network
low complexity
zkteco CWE-22
7.5
2023-08-03 CVE-2023-38951 Path Traversal vulnerability in Zkteco Biotime 8.5.5
A path traversal vulnerability in ZKTeco BioTime v8.5.5 allows attackers to write arbitrary files via using a malicious SFTP configuration.
network
low complexity
zkteco CWE-22
critical
9.8
2023-08-03 CVE-2023-38952 Files or Directories Accessible to External Parties vulnerability in Zkteco Biotime 8.5.5
Insecure access control in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read sensitive backup files and access sensitive information such as user credentials via sending a crafted HTTP request to the static files resources of the system.
network
low complexity
zkteco CWE-552
7.5
2022-11-30 CVE-2022-38801 Cross-site Scripting vulnerability in Zkteco Biotime 8.5.3
In Zkteco BioTime < 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting.
network
low complexity
zkteco CWE-79
5.4
2022-11-30 CVE-2022-38802 Cross-site Scripting vulnerability in Zkteco Biotime 8.5.3
Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday.
network
low complexity
zkteco CWE-79
6.2
2022-11-30 CVE-2022-38803 Cross-site Scripting vulnerability in Zkteco Biotime 8.5.3
Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log.
network
low complexity
zkteco CWE-79
6.8
2022-11-08 CVE-2022-30515 Missing Authentication for Critical Function vulnerability in Zkteco Biotime 8.5.4/8.5.5
ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an attacker to view them through filename enumeration.
network
low complexity
zkteco CWE-306
5.3