This page lists published CVEs affecting assaabloy control_id_idsecure (associated via NVD CPE). Each row includes severity metrics, a summary, and the publication date.
| CVE | Summary | Source | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-49853 | ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to SQL injections which could allow an attacker to leak arbitrary information and insert arbitrary SQL syntax into SQL queries. | [email protected] | 9.3 | 0.45% | 2025-06-24 | 2026-06-17 |
| CVE-2025-49852 | ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to a server-side request forgery vulnerability which could allow an unauthenticated attacker to retrieve information from other servers. | [email protected] | 8.7 | 0.36% | 2025-06-24 | 2026-06-17 |
| CVE-2025-49851 | ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to an improper authentication vulnerability which could allow an attacker to bypass authentication and gain permissions in the product. | [email protected] | 8.7 | 0.48% | 2025-06-24 | 2026-06-17 |
| CVE-2023-33367 | A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on the server's root directory, resulting in remote code execution. | [email protected] | 9.8 | 1.07% | 2023-08-04 | 2026-06-17 |
| CVE-2023-33371 | Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication. | [email protected] | 9.8 | 0.85% | 2023-08-02 | 2026-06-17 |
| CVE-2023-33370 | An uncaught exception vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to cause the main web server of IDSecure to fault and crash, causing a denial of service. | [email protected] | 7.5 | 0.63% | 2023-08-02 | 2026-06-17 |
| CVE-2023-33369 | A path traversal vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to delete arbitrary files on IDSecure filesystem, causing a denial of service. | [email protected] | 9.1 | 0.74% | 2023-08-02 | 2026-06-17 |
| CVE-2023-33368 | Some API routes exist in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes. | [email protected] | 6.5 | 0.54% | 2023-08-02 | 2026-06-17 |
| CVE-2023-2044 | A vulnerability has been found in Control iD iDSecure 4.7.29.1 and classified as problematic. This vulnerability affects unknown code of the component Dispositivos Page. The manipulation of the argument IP-DNS leads to cross site scripting. The attack can be initiated remotely. VDB-225922 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | [email protected] | 3.5 | 0.36% | 2023-04-14 | 2026-06-17 |