GCVE - cpe:2.3:a:assaabloy:control_id_idsecure:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:assaabloy:control_id_idsecure:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Assaabloy (`13b2d9d8-0cf6-5cc8-94af-0785312c0fe5`)
Product	Control Id Idsecure (`f0a347ba-7d7f-528d-9bcf-f27a3c86f3c4`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-33371`	vulnerable	2026-06-03 14:52:13.528123	Details available Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication. Published: 2023-08-03T00:00:00.000Z Updated: 2024-10-17T16:46:34.211Z Open on db.gcve.eu Reference links https://www.controlid.com.br/en/access-control/idsecure/ https://claroty.com/team82/disclosure-dashboard/cve-2023-33371	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-33370`	vulnerable	2026-06-03 14:52:13.527853	Details available An uncaught exception vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to cause the main web server of IDSecure to fault and crash, causing a denial of service. Published: 2023-08-03T00:00:00.000Z Updated: 2024-10-17T18:18:03.522Z Open on db.gcve.eu Reference links https://www.controlid.com.br/en/access-control/idsecure/ https://claroty.com/team82/disclosure-dashboard/cve-2023-33370	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-33369`	vulnerable	2026-06-03 14:52:13.527574	Details available A path traversal vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to delete arbitrary files on IDSecure filesystem, causing a denial of service. Published: 2023-08-03T00:00:00.000Z Updated: 2024-10-17T18:20:31.373Z Open on db.gcve.eu Reference links https://www.controlid.com.br/en/access-control/idsecure/ https://claroty.com/team82/disclosure-dashboard/cve-2023-33369	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-33368`	vulnerable	2026-06-03 14:52:13.527270	Details available Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes. Published: 2023-08-03T00:00:00.000Z Updated: 2024-10-17T18:21:24.849Z Open on db.gcve.eu Reference links https://www.controlid.com.br/en/access-control/idsecure/ https://claroty.com/team82/disclosure-dashboard/cve-2023-33368	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-33367`	vulnerable	2026-06-03 14:52:13.526858	Details available A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on the server's root directory, resulting in remote code execution. Published: 2023-08-05T00:00:00.000Z Updated: 2024-10-17T14:48:32.915Z Open on db.gcve.eu Reference links https://www.controlid.com.br/en/access-control/idsecure/ https://claroty.com/team82/disclosure-dashboard/cve-2023-33367	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.