Vulnerabilities (CVE)

Filtered by vendor Idattend Subscribe
Filtered by product Idweb
Total 14 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-27377 1 Idattend 1 Idweb 2024-09-25 N/A 7.5 HIGH
Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
CVE-2023-27376 1 Idattend 1 Idweb 2024-09-25 N/A 7.5 HIGH
Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
CVE-2023-27375 1 Idattend 1 Idweb 2024-09-25 N/A 7.5 HIGH
Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
CVE-2023-27261 1 Idattend 1 Idweb 2024-09-25 N/A 6.5 MEDIUM
Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers.
CVE-2023-27259 1 Idattend 1 Idweb 2024-09-25 N/A 7.5 HIGH
Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers.
CVE-2023-27258 1 Idattend 1 Idweb 2024-09-25 N/A 7.5 HIGH
Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers.
CVE-2023-27257 1 Idattend 1 Idweb 2024-09-25 N/A 7.5 HIGH
Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers.
CVE-2023-27256 1 Idattend 1 Idweb 2024-09-25 N/A 5.3 MEDIUM
Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers.
CVE-2023-26576 1 Idattend 1 Idweb 2024-09-25 N/A 7.5 HIGH
Missing authentication in the SearchStudentsRFID method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.
CVE-2023-26575 1 Idattend 1 Idweb 2024-09-25 N/A 7.5 HIGH
Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student and teacher data by unauthenticated attackers.
CVE-2023-26574 1 Idattend 1 Idweb 2024-09-25 N/A 7.5 HIGH
Missing authentication in the SearchStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.
CVE-2023-26573 1 Idattend 1 Idweb 2024-09-25 N/A 9.1 CRITICAL
Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials.
CVE-2023-26571 1 Idattend 1 Idweb 2024-09-25 N/A 7.5 HIGH
Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers.
CVE-2023-26570 1 Idattend 1 Idweb 2024-09-25 N/A 7.5 HIGH
Missing authentication in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.