Vulnerabilities > Zkteco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-05 | CVE-2024-6523 | Cross-site Scripting vulnerability in Zkteco Biotime 8.5.3/8.5.4/8.5.5 A vulnerability was found in ZKTeco BioTime up to 9.5.2. | 5.4 |
| 2024-05-30 | CVE-2024-35429 | Path Traversal vulnerability in Zkteco Zkbio Cvsecurity 6.1.1 ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via eventRecord. | 6.5 |
| 2023-09-04 | CVE-2023-4587 | Authorization Bypass Through User-Controlled Key vulnerability in Zkteco Zem800 Firmware 6.60 An IDOR vulnerability has been found in ZKTeco ZEM800 product affecting version 6.60. | 5.5 |
| 2023-08-03 | CVE-2023-38958 | Incorrect Authorization vulnerability in Zkteco Bioaccess IVS 3.3.1 An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to arbitrarily close and open the doors managed by the platform remotely via sending a crafted web request. | 5.3 |
| 2022-12-09 | CVE-2022-44213 | Cross-site Scripting vulnerability in Zkteco Automatic Data Master Server ZKTeco Xiamen Information Technology ZKBio ECO ADMS <=3.1-164 is vulnerable to Cross Site Scripting (XSS). | 4.8 |
| 2022-11-30 | CVE-2022-38801 | Cross-site Scripting vulnerability in Zkteco Biotime In Zkteco BioTime < 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting. | 5.4 |
| 2022-11-30 | CVE-2022-38802 | Cross-site Scripting vulnerability in Zkteco Biotime Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday. | 6.2 |
| 2022-11-30 | CVE-2022-38803 | Cross-site Scripting vulnerability in Zkteco Biotime Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log. | 6.8 |
| 2022-11-08 | CVE-2022-30515 | Missing Authentication for Critical Function vulnerability in Zkteco Biotime 8.5.4/8.5.5 ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an attacker to view them through filename enumeration. | 5.3 |
| 2020-08-14 | CVE-2020-17473 | Insufficient Session Expiration vulnerability in Zkteco Facedepot 7B Firmware and Zkbiosecurity Server Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to obtain a long-lasting token by impersonating the server. | 4.3 |