Vulnerabilities > Secomea

DATE CVE VULNERABILITY TITLE RISK
2023-07-17 CVE-2023-2912 Use After Free vulnerability in Secomea Sitemanager Embedded 9.2C
Use After Free vulnerability in Secomea SiteManager Embedded allows Obstruction.
network
low complexity
secomea CWE-416
7.5
2023-04-19 CVE-2023-0317 Unspecified vulnerability in Secomea Gatemanager 9.6.621421014
Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information.
network
low complexity
secomea
4.9
2023-04-19 CVE-2022-38125 Unspecified vulnerability in Secomea products
Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client.
local
low complexity
secomea
5.5
2022-12-09 CVE-2022-2752 Improper Authentication vulnerability in Secomea Gatemanager 9.6.621421014
A vulnerability in the web server of Secomea GateManager allows a local user to impersonate as the previous user under some failed login conditions. This issue affects: Secomea GateManager versions from 9.4 through 9.7.
local
low complexity
secomea CWE-287
7.8
2022-12-06 CVE-2022-38123 Improper Input Validation vulnerability in Secomea Gatemanager 9.6.621421014
Improper Input Validation of plugin files in Administrator Interface of Secomea GateManager allows a server administrator to inject code into the GateManager interface. This issue affects: Secomea GateManager versions prior to 10.0.
network
low complexity
secomea CWE-20
7.2
2022-05-04 CVE-2022-25786 Unspecified vulnerability in Secomea Gatemanager 9.6.621421014
Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information.
network
low complexity
secomea
4.0
2022-05-04 CVE-2021-32010 Inadequate Encryption Strength vulnerability in Secomea products
Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may facilitate man in the middle attacks.
network
secomea CWE-326
6.8
2022-05-04 CVE-2022-25778 Cross-Site Request Forgery (CSRF) vulnerability in Secomea products
Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get request in logged in user session.
network
secomea CWE-352
6.8
2022-05-04 CVE-2022-25779 Resource Exhaustion vulnerability in Secomea products
Logging of Excessive Data vulnerability in audit log of Secomea GateManager allows logged in user to write text entries in audit log.
network
low complexity
secomea CWE-400
4.0
2022-05-04 CVE-2022-25780 Unspecified vulnerability in Secomea products
Information Exposure vulnerability in web UI of Secomea GateManager allows logged in user to query devices outside own scope.
network
low complexity
secomea
4.0