HID Global
Products
4- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-36283 | Cri | 0.62 | 9.6 | 0.01 | Mar 24, 2021 | HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when using the EEM driver (Ethernet Emulation Mode). By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to upload a configuration file to the… | ||
| CVE-2024-22388 | Med | 0.38 | 5.9 | 0.00 | Feb 6, 2024 | Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys. | ||
| CVE-2019-13603 | Med | 0.38 | 5.9 | 0.01 | Jul 16, 2019 | An issue was discovered in the HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader Windows Biometric Framework driver 5.0.0.5. It has a statically coded initialization vector to encrypt a user's fingerprint image, resulting in weak encryption of that.… | ||
| CVE-2019-13604 | Med | 0.38 | 5.9 | 0.01 | Jul 15, 2019 | There is a short key vulnerability in HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader v24. The key for obfuscating the fingerprint image is vulnerable to brute-force attacks. This allows an attacker to recover the key and decrypt that image using… | ||
| CVE-2024-23806 | Med | 0.34 | 5.3 | 0.00 | Feb 7, 2024 | Sensitive data can be extracted from HID iCLASS SE reader configuration cards. This could include credential and device administrator keys. |
- risk 0.62cvss 9.6epss 0.01
HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when using the EEM driver (Ethernet Emulation Mode). By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to upload a configuration file to the…
- risk 0.38cvss 5.9epss 0.00
Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys.
- risk 0.38cvss 5.9epss 0.01
An issue was discovered in the HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader Windows Biometric Framework driver 5.0.0.5. It has a statically coded initialization vector to encrypt a user's fingerprint image, resulting in weak encryption of that.…
- risk 0.38cvss 5.9epss 0.01
There is a short key vulnerability in HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader v24. The key for obfuscating the fingerprint image is vulnerable to brute-force attacks. This allows an attacker to recover the key and decrypt that image using…
- risk 0.34cvss 5.3epss 0.00
Sensitive data can be extracted from HID iCLASS SE reader configuration cards. This could include credential and device administrator keys.