CVE Vulnerabilities

CVE-2024-35430

Improper Privilege Management

Published: May 30, 2024 | Modified: Nov 21, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

In ZKTeco ZKBio CVSecurity v6.1.1 an authenticated user can bypass password checks while exporting data from the application.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Potential Mitigations

References