CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-13129

Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 43.4%

CVSS Severity

CVSS v3 Score 8.0

CVSS v2 Score 6.0

References

http://seclists.org/bugtraq/2017/Sep/19
http://seclists.org/fulldisclosure/2017/Sep/38
http://seclists.org/bugtraq/2017/Sep/19
http://seclists.org/fulldisclosure/2017/Sep/38

Products affected by CVE-2017-13129

Zkteco » Zktime Web » Version: 2.0.1.12280

cpe:2.3:a:zkteco:zktime_web:2.0.1.12280

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-13129

Products

Pricing

Contact Us