Gatemanager_4250_firmware - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Gatemanager_4250_firmware
(Secomea)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	14

Date	Id	Summary	Products	Score	Patch	Annotated
2021-02-16	CVE-2020-29023	Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows an authenticated administrator to generate a CSV file that may run arbitrary commands on a victim's computer when opened in a spreadsheet program (like Excel). This issue affects: Secomea GateManager all versions prior to 9.3.	Gatemanager_4250_firmware, Gatemanager_4260_firmware, Gatemanager_8250_firmware, Gatemanager_9250_firmware	3.5
2021-02-16	CVE-2020-29024	Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3.	Gatemanager_4250_firmware, Gatemanager_4260_firmware, Gatemanager_8250_firmware, Gatemanager_9250_firmware	5.3
2022-05-04	CVE-2021-32010	Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may facilitate man in the middle attacks. This issue affects: Secomea SiteManager All versions prior to 9.7. Secomea LinkManager versions prior to 9.7. Secomea GateManager versions prior to 9.7.	Gatemanager_4250_firmware, Gatemanager_4260_firmware, Gatemanager_8250_firmware, Gatemanager_9250_firmware, Linkmanager, Sitemanager_1129_firmware, Sitemanager_1139_firmware, Sitemanager_1149_firmware, Sitemanager_3329_firmware, Sitemanager_3339_firmware, Sitemanager_3349_firmware, Sitemanager_3529_firmware, Sitemanager_3539_firmware, Sitemanager_3549_firmware	8.1
2022-05-04	CVE-2022-25778	Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get request in logged in user session.	Gatemanager_4250_firmware, Gatemanager_4260_firmware, Gatemanager_8250_firmware, Gatemanager_9250_firmware	8.8
2022-05-04	CVE-2022-25779	Logging of Excessive Data vulnerability in audit log of Secomea GateManager allows logged in user to write text entries in audit log. This issue affects: Secomea GateManager versions prior to 9.7.	Gatemanager_4250_firmware, Gatemanager_4260_firmware, Gatemanager_8250_firmware, Gatemanager_9250_firmware	4.3
2022-05-04	CVE-2022-25780	Information Exposure vulnerability in web UI of Secomea GateManager allows logged in user to query devices outside own scope.	Gatemanager_4250_firmware, Gatemanager_4260_firmware, Gatemanager_8250_firmware, Gatemanager_9250_firmware	4.3
2022-05-04	CVE-2022-25781	Cross-site Scripting (XSS) vulnerability in Web UI of Secomea GateManager allows phishing attacker to inject javascript or html into logged in user session.	Gatemanager_4250_firmware, Gatemanager_4260_firmware, Gatemanager_8250_firmware, Gatemanager_9250_firmware	6.1
2022-05-04	CVE-2022-25782	Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to access and update privileged information. This issue affects: Secomea GateManager versions prior to 9.7.	Gatemanager_4250_firmware, Gatemanager_4260_firmware, Gatemanager_8250_firmware, Gatemanager_9250_firmware	5.4
2022-05-04	CVE-2022-25783	Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging. This issue affects: Secomea GateManager versions prior to 9.7.	Gatemanager_4250_firmware, Gatemanager_4260_firmware, Gatemanager_8250_firmware, Gatemanager_9250_firmware	4.3
2022-05-04	CVE-2022-25787	Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. This issue affects: Secomea GateManager all versions prior to 9.7.	Gatemanager_4250_firmware, Gatemanager_4260_firmware, Gatemanager_8250_firmware, Gatemanager_9250_firmware	6.7