exploitDog

CVE-2022-30515

Опубликовано: 08 нояб. 2022

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an attacker to view them through filename enumeration.

Ссылки

https://codingkoala.eu/posts/CVE202230515/
Exploit
Third Party Advisory
https://www.zkteco.me/software-5
Product
Vendor Advisory
https://codingkoala.eu/posts/CVE202230515/
Exploit
Third Party Advisory
https://www.zkteco.me/software-5
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:zkteco:biotime:8.5.4:*:*:*:*:*:*:*

cpe:2.3:a:zkteco:biotime:8.5.5:*:*:*:*:*:*:*

EPSS

Процентиль: 45%

0.00221

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-306

CWE-306

Связанные уязвимости

GHSA-93cj-p8xr-qghp

CVSS3: 5.3

github

около 3 лет назад

ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an attacker to view them through filename enumeration.

EPSS

Процентиль: 45%

0.00221

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-306

CWE-306