Vulnerabilities > Zkteco > Biotime > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-03 | CVE-2023-38949 | Unspecified vulnerability in Zkteco Biotime 8.5.5 An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request. | 7.5 |
2023-08-03 | CVE-2023-38950 | Path Traversal vulnerability in Zkteco Biotime 8.5.5 A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. | 7.5 |
2023-08-03 | CVE-2023-38952 | Files or Directories Accessible to External Parties vulnerability in Zkteco Biotime 8.5.5 Insecure access control in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read sensitive backup files and access sensitive information such as user credentials via sending a crafted HTTP request to the static files resources of the system. | 7.5 |