Zkteco: >> Biotime Security Vulnerabilities
Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log. An authenticated employee can read local files by exploiting XSS into a pdf generator when exporting data as a PDF
CVSS Score
6.8
EPSS Score
0.001
Published
2022-11-30
ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an attacker to view them through filename enumeration.
CVSS Score
5.3
EPSS Score
0.003
Published
2022-11-08
Page 2