Controlid

Idsecure

4 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.3

CVE-2025-49853

  • EPSS 0.06%
  • Veröffentlicht 24.06.2025 19:23:19
  • Zuletzt bearbeitet 02.07.2025 16:32:40

ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to SQL injections which could allow an attacker to leak arbitrary information and insert arbitrary SQL syntax into SQL queries.

8.7

CVE-2025-49852

  • EPSS 0.09%
  • Veröffentlicht 24.06.2025 19:19:42
  • Zuletzt bearbeitet 02.07.2025 16:33:10

ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to a server-side request forgery vulnerability which could allow an unauthenticated attacker to retrieve information from other servers.

9.8

CVE-2025-49851

  • EPSS 0.1%
  • Veröffentlicht 24.06.2025 19:17:08
  • Zuletzt bearbeitet 02.07.2025 16:33:17

ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to an Improper Authentication vulnerability which could allow an attacker to bypass authentication and gain permissions in the product.

9.8

CVE-2023-6329

Exploit
  • EPSS 92.49%
  • Veröffentlicht 27.11.2023 17:15:09
  • Zuletzt bearbeitet 21.11.2024 08:43:38

An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. The login routine used by iDS-Core.dll contains a "passwordCustom" option that allows an unauthenticated attacker to compute valid credentials that can be used to bypass ...