Known Vulnerabilities for Zktime Web by Zkteco
Listed below are 4 of the newest known vulnerabilities associated with "Zktime Web" by "Zkteco".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2017-17057 | There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The vulnerability exists due to insufficient filtration of ... | 6.1 - MEDIUM | 2017-12-04 | 2017-12-21 |
| CVE-2017-17056 | The ZKTime Web Software 2.0.1.12280 allows the Administrator to elevate the privileges of the application user using a 'passw... | 8.8 - HIGH | 2017-12-04 | 2017-12-20 |
| CVE-2017-14680 | ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF do... | 7.5 - HIGH | 2017-09-21 | 2017-10-03 |
| CVE-2017-13129 | Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack ... | 8 - HIGH | 2017-09-26 | 2017-10-03 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Zkteco | Zktime Web | 2.0.1.12280 | All | All | All |