Vulnerabilities > Secomea

DATE CVE VULNERABILITY TITLE RISK
2021-08-05 CVE-2021-32002 Incorrect Authorization vulnerability in Secomea Sitemanager Firmware
Improper Access Control vulnerability in web service of Secomea SiteManager allows a local attacker without credentials to gather network information and configuration of the SiteManager.
local
low complexity
secomea CWE-863
2.1
2021-08-05 CVE-2021-32003 Insufficiently Protected Credentials vulnerability in Secomea Sitemanager Firmware
Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows a local attacker to capture credentials if the service is used after provisioning.
local
low complexity
secomea CWE-522
2.1
2021-03-05 CVE-2020-29030 Cross-Site Request Forgery (CSRF) vulnerability in Secomea Gatemanager Firmware
Cross-Site Request Forgery (CSRF) vulnerability in web GUI of Secomea GateManager allows an attacker to execute malicious code.
network
secomea CWE-352
6.8
2021-03-05 CVE-2020-29029 Cross-site Scripting vulnerability in Secomea Gatemanager Firmware
Improper Input Validation, Cross-site Scripting (XSS) vulnerability in Web GUI of Secomea GateManager allows an attacker to execute arbitrary JavaScript code.
network
secomea CWE-79
4.3
2021-03-05 CVE-2020-29028 Cross-site Scripting vulnerability in Secomea Gatemanager Firmware
Cross-site Scripting (XSS) vulnerability in web GUI of Secomea GateManager allows an attacker to inject arbitrary JavaScript code.
network
secomea CWE-79
4.3
2021-03-05 CVE-2020-29020 Incorrect Authorization vulnerability in Secomea Sitemanager Firmware
Improper Access Control vulnerability in web service of Secomea SiteManager allows a remote attacker to access the web UI from the internet using the configured credentials.
network
low complexity
secomea CWE-863
6.5
2021-03-05 CVE-2020-29032 Unrestricted Upload of File with Dangerous Type vulnerability in Secomea Gatemanager 8250 Firmware 9.2C
Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows an authenticated attacker to execute malicious code on the server.
network
low complexity
secomea CWE-434
6.5
2021-02-16 CVE-2020-29027 Cross-site Scripting vulnerability in Secomea products
Cross-site Scripting (XSS) vulnerability in GUI of Secomea SiteManager could allow an attacker to cause an XSS attack.
network
secomea CWE-79
3.5
2021-02-16 CVE-2020-29025 Cross-site Scripting vulnerability in Secomea Sitemanager Embedded
A vulnerability in the SiteManager-Embedded (SM-E) web server may allow an attacker to construct a URL that, if visited by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.
network
secomea CWE-79
4.3
2021-02-16 CVE-2020-29024 Missing Encryption of Sensitive Data vulnerability in Secomea products
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in GoToAppliance (GTA) of Secomea GateManager could allow an attacker to gain access to sensitive cookies.
network
low complexity
secomea CWE-311
5.0