Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CVE-2023-2904
Vulnerability Description
The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 are vulnerable to manipulation within web fields in the application programmable interface (API). An attacker could log in using account credentials available through a request generated by an internal user and then manipulate the visitor-id within the web API to access the personal data of other users. There is no limit on the number of requests that can be made to the HID SAFE Web Server, so an attacker could also exploit this vulnerability to create a denial-of-service condition.
CVSS Information
N/A
Vulnerability Type
对假设不可变数据的修改(MAID)
Vulnerability Title
HID Global HID SAFE 安全漏洞
Vulnerability Description
HID Global HID SAFE是HID Global公司的一种身份验证和访问控制解决方案,由HID Global开发。它是一种综合性的企业级访问控制系统,旨在提供高级身份验证、访问管理和安全审计功能。 HID Global HID SAFE 5.8.0 到 5.11.3版本存在安全漏洞,该漏洞源于External Visitor Manager portal容易通过应用程序可编程接口 (API)受到攻击,攻击者利用该漏洞可以访问其他用户的个人数据。
CVSS Information
N/A
Vulnerability Type
N/A