Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

iDSecure On-premises

Source -

CNA

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2025-49853
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||CRITICAL
EPSS-0.04% / 13.17%
||
7 Day CHG~0.00%
Published-24 Jun, 2025 | 19:23
Updated-02 Jul, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in ControlID iDSecure On-premises

ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to SQL injections which could allow an attacker to leak arbitrary information and insert arbitrary SQL syntax into SQL queries.

Action-Not Available
Vendor-assaabloyControlID
Product-control_id_idsecureiDSecure On-premises
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-49852
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.7||HIGH
EPSS-0.06% / 17.46%
||
7 Day CHG~0.00%
Published-24 Jun, 2025 | 19:19
Updated-02 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery (SSRF) in ControlID iDSecure On-premises

ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to a server-side request forgery vulnerability which could allow an unauthenticated attacker to retrieve information from other servers.

Action-Not Available
Vendor-assaabloyControlID
Product-control_id_idsecureiDSecure On-premises
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-49851
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.7||HIGH
EPSS-0.07% / 21.73%
||
7 Day CHG~0.00%
Published-24 Jun, 2025 | 19:17
Updated-02 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Authentication in ControlID iDSecure On-premises

ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to an improper authentication vulnerability which could allow an attacker to bypass authentication and gain permissions in the product.

Action-Not Available
Vendor-assaabloyControlID
Product-control_id_idsecureiDSecure On-premises
CWE ID-CWE-287
Improper Authentication