Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Gatemanager_8250_firmware
(Secomea)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 20 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-03-05 | CVE-2020-29032 | Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows authenticated attacker to execute malicious code on server. This issue affects: Secomea GateManager all versions prior to 9.4.621054022 | Gatemanager_8250_firmware | 7.2 | ||
| 2021-11-22 | CVE-2021-32004 | This issue affects: Secomea GateManager All versions prior to 9.6. Improper Check of host header in web server of Secomea GateManager allows attacker to cause browser cache poisoning. | Gatemanager_8250_firmware | 5.3 | ||
| 2022-05-04 | CVE-2021-32010 | Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may facilitate man in the middle attacks. This issue affects: Secomea SiteManager All versions prior to 9.7. Secomea LinkManager versions prior to 9.7. Secomea GateManager versions prior to 9.7. | Gatemanager_4250_firmware, Gatemanager_4260_firmware, Gatemanager_8250_firmware, Gatemanager_9250_firmware, Linkmanager, Sitemanager_1129_firmware, Sitemanager_1139_firmware, Sitemanager_1149_firmware, Sitemanager_3329_firmware, Sitemanager_3339_firmware, Sitemanager_3349_firmware, Sitemanager_3529_firmware, Sitemanager_3539_firmware, Sitemanager_3549_firmware | 8.1 | ||
| 2022-05-04 | CVE-2022-25778 | Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get request in logged in user session. | Gatemanager_4250_firmware, Gatemanager_4260_firmware, Gatemanager_8250_firmware, Gatemanager_9250_firmware | 8.8 | ||
| 2022-05-04 | CVE-2022-25779 | Logging of Excessive Data vulnerability in audit log of Secomea GateManager allows logged in user to write text entries in audit log. This issue affects: Secomea GateManager versions prior to 9.7. | Gatemanager_4250_firmware, Gatemanager_4260_firmware, Gatemanager_8250_firmware, Gatemanager_9250_firmware | 4.3 | ||
| 2022-05-04 | CVE-2022-25780 | Information Exposure vulnerability in web UI of Secomea GateManager allows logged in user to query devices outside own scope. | Gatemanager_4250_firmware, Gatemanager_4260_firmware, Gatemanager_8250_firmware, Gatemanager_9250_firmware | 4.3 | ||
| 2022-05-04 | CVE-2022-25781 | Cross-site Scripting (XSS) vulnerability in Web UI of Secomea GateManager allows phishing attacker to inject javascript or html into logged in user session. | Gatemanager_4250_firmware, Gatemanager_4260_firmware, Gatemanager_8250_firmware, Gatemanager_9250_firmware | 6.1 | ||
| 2022-05-04 | CVE-2022-25782 | Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to access and update privileged information. This issue affects: Secomea GateManager versions prior to 9.7. | Gatemanager_4250_firmware, Gatemanager_4260_firmware, Gatemanager_8250_firmware, Gatemanager_9250_firmware | 5.4 | ||
| 2022-05-04 | CVE-2022-25783 | Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging. This issue affects: Secomea GateManager versions prior to 9.7. | Gatemanager_4250_firmware, Gatemanager_4260_firmware, Gatemanager_8250_firmware, Gatemanager_9250_firmware | 4.3 | ||
| 2022-05-04 | CVE-2022-25787 | Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. This issue affects: Secomea GateManager all versions prior to 9.7. | Gatemanager_4250_firmware, Gatemanager_4260_firmware, Gatemanager_8250_firmware, Gatemanager_9250_firmware | 6.7 |