Vulnerabilities > Secomea

DATE CVE VULNERABILITY TITLE RISK
2022-05-04 CVE-2022-25786 Unspecified vulnerability in Secomea Gatemanager 9.6.621421014
Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information.
network
low complexity
secomea
4.0
2022-05-04 CVE-2021-32010 Inadequate Encryption Strength vulnerability in Secomea products
Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may facilitate man in the middle attacks.
network
secomea CWE-326
6.8
2022-05-04 CVE-2022-25778 Cross-Site Request Forgery (CSRF) vulnerability in Secomea products
Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get request in logged in user session.
network
secomea CWE-352
6.8
2022-05-04 CVE-2022-25779 Resource Exhaustion vulnerability in Secomea products
Logging of Excessive Data vulnerability in audit log of Secomea GateManager allows logged in user to write text entries in audit log.
network
low complexity
secomea CWE-400
4.0
2022-05-04 CVE-2022-25780 Unspecified vulnerability in Secomea products
Information Exposure vulnerability in web UI of Secomea GateManager allows logged in user to query devices outside own scope.
network
low complexity
secomea
4.0
2022-05-04 CVE-2022-25781 Cross-site Scripting vulnerability in Secomea products
Cross-site Scripting (XSS) vulnerability in Web UI of Secomea GateManager allows phishing attacker to inject javascript or html into logged in user session.
network
secomea CWE-79
4.3
2022-05-04 CVE-2022-25782 Improper Privilege Management vulnerability in Secomea products
Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to access and update privileged information.
network
low complexity
secomea CWE-269
5.5
2022-05-04 CVE-2022-25783 Unspecified vulnerability in Secomea products
Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging.
network
low complexity
secomea
4.0
2022-05-04 CVE-2022-25784 Cross-site Scripting vulnerability in Secomea products
Cross-site Scripting (XSS) vulnerability in Web GUI of SiteManager allows logged-in user to inject scripting.
network
secomea CWE-79
3.5
2022-05-04 CVE-2022-25785 Out-of-bounds Write vulnerability in Secomea products
Stack-based Buffer Overflow vulnerability in SiteManager allows logged-in or local user to cause arbitrary code execution.
network
low complexity
secomea CWE-787
6.5