CVE-2022-38802
Published 2022-11-30
Priority P4 · 27 · medium · 6.2 CVSS 3.1
AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N
EPSS 0.64% (46.0th percentile)
Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday. An authenticated administrator can read local files by exploiting XSS into a pdf generator when exporting data as a PDF.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zkteco | biotime | < 8.5.4 | 8.5.4 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.2 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N |
| osv | | 7.8 | HIGH | |
OSV
frr vulnerabilities
osv · 2024-06-05 · CVSS 7.8 · CVE-2022-26126
It was discovered that FRR incorrectly handled certain network traffic. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service. (CVE-2022-26126, CVE-2022-26127, CVE-2022-26128, CVE-2022-26129, CVE-2022-37032, CVE-2022-37035, CVE-2023-31490, CVE-2023-38406, CVE-2023-38407, CVE-2023-46752, CVE-2023-46753, CVE-2023-47234, CVE-2023-47235, CVE-2024-31948)

Ben Cartwright-Cox discovered that FRR incorrectly handled certain network traffic. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service. (CVE-2023-38802)
GHSA
GHSA-7hfw-w75q-mqr2: Zkteco BioTime < 8
ghsa_unreviewed · 2022-11-30 · CVE-2022-38802 · MEDIUM · CWE-79
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.