Vendor
ICT
Products
3
CVEs
3
Across products
4
Status
Private
Products
3- 2 CVEs
- 1 CVE
- 1 CVE
Recent CVEs
3| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-29941 | Hig | 0.52 | 8.0 | 0.00 | May 6, 2024 | Insecure storage of the ICT MIFARE and DESFire encryption keys in the firmware binary allows malicious actors to create credentials for any site code and card number that is using the default ICT encryption. | ||
| CVE-2022-29734 | Med | 0.35 | 5.4 | 0.00 | Jun 2, 2022 | A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter. | ||
| CVE-2022-29731 | Med | 0.28 | 4.3 | 0.00 | Jun 2, 2022 | An access control issue in ICT Protege GX/WX 2.08 allows attackers to leak SHA1 password hashes of other users. |
- risk 0.52cvss 8.0epss 0.00
Insecure storage of the ICT MIFARE and DESFire encryption keys in the firmware binary allows malicious actors to create credentials for any site code and card number that is using the default ICT encryption.
- risk 0.35cvss 5.4epss 0.00
A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter.
- risk 0.28cvss 4.3epss 0.00
An access control issue in ICT Protege GX/WX 2.08 allows attackers to leak SHA1 password hashes of other users.