Vulnerabilities > Zkteco > Zkbiosecurity Server
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-08-14 | CVE-2020-17474 | Insufficient Session Expiration vulnerability in Zkteco Facedepot 7B Firmware and Zkbiosecurity Server A token-reuse vulnerability in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to create arbitrary new users, elevate users to administrators, delete users, and download user faces from the database. | 7.5 |
2020-08-14 | CVE-2020-17473 | Insufficient Session Expiration vulnerability in Zkteco Facedepot 7B Firmware and Zkbiosecurity Server Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to obtain a long-lasting token by impersonating the server. | 4.3 |