Published Advisories

The following is a list of all publicly disclosed vulnerabilities discovered by Security Risk Advisors researchers.

All security vulnerabilities that are acquired by Security Risk Advisors are handled according to the SRA Disclosure Policy.

Once the vendor has publicly issued a patch or fix within the agreed-upon timeframe, SRA will release a public advisory disclosing its findings, along with the timeline from disclosure to advisory publication.

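| Name | CVE ID | Vulnerability Type | Affects |
| --- | --- | --- | --- |
| Brivo Access Control Systems | CVE-2023-6259 | Local Access to Sensitive Data | Models ACS100, ACS300. Models ACS6000 and ACSSDC may also be affected. Versions from 5.2.4 but before 6.2.4.3. Versions prior to 5.2.4 may also be affected. |
| Brivo Access Control Systems | CVE-2023-6260 | Web UI OS Command Injection | Models ACS100, ACS300. Models ACS6000 and ACSSDC may also be affected. Versions from 5.2.4 but before 6.2.4.3. Versions prior to 5.2.4 may also be affected. |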