CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49853 – Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in ControlID iDSecure On-premises
https://notcve.org/view.php?id=CVE-2025-49853
24 Jun 2025 — ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to SQL injections which could allow an attacker to leak arbitrary information and insert arbitrary SQL syntax into SQL queries. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-05 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49852 – Server-Side Request Forgery (SSRF) in ControlID iDSecure On-premises
https://notcve.org/view.php?id=CVE-2025-49852
24 Jun 2025 — ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to a Server-Side Request Forgery vulnerability which could allow an unauthenticated attacker to retrieve information from other servers. ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to a server-side request forgery vulnerability which could allow an unauthenticated attacker to retrieve information from other servers. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-05 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49851 – Improper Authentication in ControlID iDSecure On-premises
https://notcve.org/view.php?id=CVE-2025-49851
24 Jun 2025 — ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to an Improper Authentication vulnerability which could allow an attacker to bypass authentication and gain permissions in the product. ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to an improper authentication vulnerability which could allow an attacker to bypass authentication and gain permissions in the product. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-05 • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 92%CPEs: 1EXPL: 3CVE-2023-6329 – Control iD iDSecure passwordCustom Authentication Bypass
https://notcve.org/view.php?id=CVE-2023-6329
27 Nov 2023 — An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. The login routine used by iDS-Core.dll contains a "passwordCustom" option that allows an unauthenticated attacker to compute valid credentials that can be used to bypass authentication and act as an administrative user. [TIPO DE PROBLEMA] en [COMPONENTE] en [PROVEEDOR] [PRODUCTO] [VERSIÓN] en [PLATAFORMAS] permite que [ATACANTE] [IMPACTE] a través de [VECTOR] • https://packetstorm.news/files/id/180858 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2524 – Control iD RHiD direct request
https://notcve.org/view.php?id=CVE-2023-2524
04 May 2023 — A vulnerability classified as critical has been found in Control iD RHiD 23.3.19.0. This affects an unknown part of the file /v2/#/. The manipulation leads to direct request. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-228015. • https://vuldb.com/?ctiid.228015 • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2421 – Control iD RHiD department cross site scripting
https://notcve.org/view.php?id=CVE-2023-2421
29 Apr 2023 — A vulnerability classified as problematic has been found in Control iD RHiD 23.3.19.0. Affected is an unknown function of the file /v2/#/add/department. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. VDB-227718 is the identifier assigned to this vulnerability. • https://vuldb.com/?ctiid.227718 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •