ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document.
References
Link | Resource |
---|---|
http://seclists.org/bugtraq/2017/Sep/20 | Exploit Mailing List Third Party Advisory |
http://seclists.org/fulldisclosure/2017/Sep/39 | Exploit Mailing List Third Party Advisory |
http://seclists.org/bugtraq/2017/Sep/20 | Exploit Mailing List Third Party Advisory |
http://seclists.org/fulldisclosure/2017/Sep/39 | Exploit Mailing List Third Party Advisory |
Configurations
History
21 Nov 2024, 03:13
Type | Values Removed | Values Added |
---|---|---|
References | () http://seclists.org/bugtraq/2017/Sep/20 - Exploit, Mailing List, Third Party Advisory | |
References | () http://seclists.org/fulldisclosure/2017/Sep/39 - Exploit, Mailing List, Third Party Advisory |
Information
Published : 2017-09-21 23:29
Updated : 2024-11-21 03:13
NVD link : CVE-2017-14680
Mitre link : CVE-2017-14680
CVE.ORG link : CVE-2017-14680
JSON object : View
Products Affected
zkteco
- zktime_web
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor