Incorrect Access Control Vulnerability in Zkteco BioTime Software
CVE-2022-38802

6.2MEDIUM

Key Information:

Vendor: Zkteco
Status: Biotime
Vendor: CVE Published:; 30 November 2022

What is CVE-2022-38802?

Zkteco BioTime prior to version 8.5.3 Build:20200816.447 has an incorrect access control vulnerability that allows authenticated administrators to exploit cross-site scripting (XSS) during data export. This security flaw enables the unauthorized access and reading of local files through various sensitive functionalities including resign, private message handling, manual logs, time intervals, attendance shifts, and holidays. Organizations utilizing affected versions should take prompt action to safeguard their systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.zkteco.com/

https://gist.github.com/hamoshwani/fd7e3d9d9ff8896f1ccf84...

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 30, 2022
Vulnerability Reserved
Aug 29, 2022

JSON

Zkteco

What is CVE-2022-38802?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.