Vulnerabilities (CVE)

Filtered by vendor Secomea Subscribe
Total 35 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-25786 1 Secomea 1 Gatemanager 2022-05-13 4.0 MEDIUM 4.9 MEDIUM
Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. This issue affects: GateManager all versions prior to 9.7.
CVE-2022-25787 1 Secomea 8 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 5 more 2022-05-11 4.6 MEDIUM 6.7 MEDIUM
Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. This issue affects: Secomea GateManager all versions prior to 9.7.
CVE-2022-25785 1 Secomea 18 Sitemanager 1129, Sitemanager 1129 Firmware, Sitemanager 1139 and 15 more 2022-05-11 6.5 MEDIUM 7.2 HIGH
Stack-based Buffer Overflow vulnerability in SiteManager allows logged-in or local user to cause arbitrary code execution. This issue affects: Secomea SiteManager all versions prior to 9.7.
CVE-2022-25784 1 Secomea 18 Sitemanager 1129, Sitemanager 1129 Firmware, Sitemanager 1139 and 15 more 2022-05-11 3.5 LOW 4.8 MEDIUM
Cross-site Scripting (XSS) vulnerability in Web GUI of SiteManager allows logged-in user to inject scripting. This issue affects: Secomea SiteManager all versions prior to 9.7.
CVE-2022-25783 1 Secomea 8 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 5 more 2022-05-11 4.0 MEDIUM 4.3 MEDIUM
Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging. This issue affects: Secomea GateManager versions prior to 9.7.
CVE-2022-25782 1 Secomea 8 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 5 more 2022-05-11 5.5 MEDIUM 5.4 MEDIUM
Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to access and update privileged information. This issue affects: Secomea GateManager versions prior to 9.7.
CVE-2022-25780 1 Secomea 8 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 5 more 2022-05-11 4.0 MEDIUM 4.3 MEDIUM
Information Exposure vulnerability in web UI of Secomea GateManager allows logged in user to query devices outside own scope.
CVE-2022-25781 1 Secomea 8 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 5 more 2022-05-11 4.3 MEDIUM 6.1 MEDIUM
Cross-site Scripting (XSS) vulnerability in Web UI of Secomea GateManager allows phishing attacker to inject javascript or html into logged in user session.
CVE-2022-25779 1 Secomea 8 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 5 more 2022-05-11 4.0 MEDIUM 4.3 MEDIUM
Logging of Excessive Data vulnerability in audit log of Secomea GateManager allows logged in user to write text entries in audit log. This issue affects: Secomea GateManager versions prior to 9.7.
CVE-2022-25778 1 Secomea 8 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 5 more 2022-05-11 6.8 MEDIUM 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get request in logged in user session.
CVE-2021-32010 1 Secomea 27 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 24 more 2022-05-11 6.8 MEDIUM 8.1 HIGH
Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may facilitate man in the middle attacks. This issue affects: Secomea SiteManager All versions prior to 9.7. Secomea LinkManager versions prior to 9.7. Secomea GateManager versions prior to 9.7.
CVE-2021-32009 1 Secomea 1 Gatemanager 2022-03-18 4.3 MEDIUM 6.1 MEDIUM
Cross-site Scripting (XSS) vulnerability in firmware section of Secomea GateManager allows logged in user to inject javascript in browser session. This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions.
CVE-2021-32006 1 Secomea 1 Gatemanager 2022-03-16 4.0 MEDIUM 4.3 MEDIUM
This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Permission Issues vulnerability in LinkManager web portal of Secomea GateManager allows logged in LinkManager user to access stored SiteManager backup files.
CVE-2021-32005 1 Secomea 18 Sitemanager 1129, Sitemanager 1129 Firmware, Sitemanager 1139 and 15 more 2022-03-12 3.5 LOW 5.4 MEDIUM
Cross-site Scripting (XSS) vulnerability in log view of Secomea SiteManager allows a logged in user to store javascript for later execution. This issue affects: Secomea SiteManager Version 9.6.621421014 and all prior versions.
CVE-2021-32008 1 Secomea 1 Gatemanager 2022-03-12 8.5 HIGH 8.7 HIGH
This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Improper Limitation of a Pathname to restricted directory, allows logged in GateManager admin to delete system Files or Directories.
CVE-2021-32004 1 Secomea 2 Gatemanager 8250, Gatemanager 8250 Firmware 2021-11-24 5.0 MEDIUM 5.3 MEDIUM
This issue affects: Secomea GateManager All versions prior to 9.6. Improper Check of host header in web server of Secomea GateManager allows attacker to cause browser cache poisoning.
CVE-2020-14510 1 Secomea 2 Gatemanager 8250, Gatemanager 8250 Firmware 2021-11-04 10.0 HIGH 9.8 CRITICAL
GateManager versions prior to 9.2c, The affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root.
CVE-2021-32003 1 Secomea 2 Sitemanager, Sitemanager Firmware 2021-08-13 2.1 LOW 5.5 MEDIUM
Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware.
CVE-2021-32002 1 Secomea 2 Sitemanager, Sitemanager Firmware 2021-08-13 2.1 LOW 3.3 LOW
Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configuration of the SiteManager. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware.
CVE-2020-29032 1 Secomea 2 Gatemanager 8250, Gatemanager 8250 Firmware 2021-03-12 6.5 MEDIUM 7.2 HIGH
Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows authenticated attacker to execute malicious code on server. This issue affects: Secomea GateManager all versions prior to 9.4.621054022