| ID |
CVE-2022-38802
|
| Sažetak |
Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday. An authenticated administrator can read local files by exploiting XSS into a pdf generator when exporting data as a PDF |
| Reference |
|
| CVSS |
| Base: | 6.2 |
| Impact: | 4.0 |
| Exploitability: | 1.7 |
|
| Pristup |
| Vektor | Složenost | Autentikacija |
| NETWORK |
LOW |
- |
|
| Impact |
| Povjerljivost | Cjelovitost | Dostupnost |
| HIGH |
NONE |
NONE |
|
| CVSS vektor |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N |
| Zadnje važnije ažuriranje |
02-12-2022 - 17:18 |
| Objavljeno |
30-11-2022 - 14:15 |
