CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-38949

An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 35.3%

CVSS Severity

CVSS v3 Score 7.5

References

http://zkteco.com
https://claroty.com/team82/disclosure-dashboard/cve-2023-38949
http://zkteco.com
https://claroty.com/team82/disclosure-dashboard/cve-2023-38949

Products affected by CVE-2023-38949

Zkteco » Biotime » Version: 8.5.5

cpe:2.3:a:zkteco:biotime:8.5.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-38949

Products

Pricing

Contact Us