Vulnerabilities > Zkteco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-08 | CVE-2022-30515 | Missing Authentication for Critical Function vulnerability in Zkteco Biotime 8.5.4/8.5.5 ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an attacker to view them through filename enumeration. | 5.3 |
| 2020-08-14 | CVE-2020-17473 | Insufficient Session Expiration vulnerability in Zkteco Facedepot 7B Firmware and Zkbiosecurity Server Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to obtain a long-lasting token by impersonating the server. | 5.9 |
| 2017-12-04 | CVE-2017-17057 | Cross-site Scripting vulnerability in Zkteco Zktime web 2.0.1.12280 There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. | 6.1 |