Skip to main content

Control Id Idsecure

9 CVEs product

Monthly

CVE-2025-49853 CRITICAL Act Now

ControlID iDSecure On-premises versions 4.7.48.0 and prior contain SQL injection vulnerabilities that allow unauthenticated remote attackers to execute arbitrary SQL queries, potentially leaking sensitive information or modifying database contents. The CVSS 9.1 score reflects the critical nature (high confidentiality and integrity impact), though availability is not directly affected. Active exploitation status and proof-of-concept availability cannot be confirmed from provided data, but the unauthenticated, network-accessible attack vector makes this a high-priority vulnerability.

Information Disclosure Control Id Idsecure SQLi
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-49852 HIGH This Week

ControlID iDSecure On-premises versions 4.7.48.0 and earlier contain a server-side request forgery (SSRF) vulnerability that allows unauthenticated attackers to make arbitrary requests from the vulnerable server to internal or external systems, potentially exposing sensitive information. The CVSS 7.5 score reflects the high confidentiality impact and network-accessible attack vector, though integrity and availability are not compromised. This vulnerability requires immediate patching as it requires no authentication or user interaction.

SSRF Control Id Idsecure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-49851 CRITICAL Act Now

ControlID iDSecure On-premises versions 4.7.48.0 and earlier contain an improper authentication vulnerability (CWE-287) that allows unauthenticated network attackers to completely bypass authentication mechanisms and gain unauthorized permissions within the application. With a CVSS 9.8 score reflecting network-accessible, low-complexity exploitation requiring no user interaction or privileges, this represents a critical remote authentication bypass affecting all confidentiality, integrity, and availability of the system. The vulnerability's presence in a widely-deployed identity and access control product makes this a high-priority threat requiring immediate patching.

Authentication Bypass Control Id Idsecure
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-33367 CRITICAL Act Now

A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on the server's root directory, resulting in remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP SQLi Control Id Idsecure
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-33371 CRITICAL Act Now

Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Control Id Idsecure
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-33370 HIGH This Week

An uncaught exception vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to cause the main web server of IDSecure to fault and crash, causing a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Control Id Idsecure
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-33369 CRITICAL Act Now

A path traversal vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to delete arbitrary files on IDSecure filesystem, causing a denial of service. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Denial Of Service Control Id Idsecure
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2023-33368 MEDIUM This Month

Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control Id Idsecure
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-2044 MEDIUM This Month

A vulnerability has been found in Control iD iDSecure 4.7.29.1 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Control Id Idsecure
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
EPSS 0% CVSS 9.1
CRITICAL Act Now

ControlID iDSecure On-premises versions 4.7.48.0 and prior contain SQL injection vulnerabilities that allow unauthenticated remote attackers to execute arbitrary SQL queries, potentially leaking sensitive information or modifying database contents. The CVSS 9.1 score reflects the critical nature (high confidentiality and integrity impact), though availability is not directly affected. Active exploitation status and proof-of-concept availability cannot be confirmed from provided data, but the unauthenticated, network-accessible attack vector makes this a high-priority vulnerability.

Information Disclosure Control Id Idsecure SQLi
NVD
EPSS 0% CVSS 7.5
HIGH This Week

ControlID iDSecure On-premises versions 4.7.48.0 and earlier contain a server-side request forgery (SSRF) vulnerability that allows unauthenticated attackers to make arbitrary requests from the vulnerable server to internal or external systems, potentially exposing sensitive information. The CVSS 7.5 score reflects the high confidentiality impact and network-accessible attack vector, though integrity and availability are not compromised. This vulnerability requires immediate patching as it requires no authentication or user interaction.

SSRF Control Id Idsecure
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

ControlID iDSecure On-premises versions 4.7.48.0 and earlier contain an improper authentication vulnerability (CWE-287) that allows unauthenticated network attackers to completely bypass authentication mechanisms and gain unauthorized permissions within the application. With a CVSS 9.8 score reflecting network-accessible, low-complexity exploitation requiring no user interaction or privileges, this represents a critical remote authentication bypass affecting all confidentiality, integrity, and availability of the system. The vulnerability's presence in a widely-deployed identity and access control product makes this a high-priority threat requiring immediate patching.

Authentication Bypass Control Id Idsecure
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on the server's root directory, resulting in remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP SQLi +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Control Id Idsecure
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An uncaught exception vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to cause the main web server of IDSecure to fault and crash, causing a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Control Id Idsecure
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

A path traversal vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to delete arbitrary files on IDSecure filesystem, causing a denial of service. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Denial Of Service Control Id Idsecure
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control Id Idsecure
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability has been found in Control iD iDSecure 4.7.29.1 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Control Id Idsecure
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy