Vulnerabilities > Secomea > Gatemanager 4250 Firmware > 9.0i
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-04 | CVE-2021-32010 | Inadequate Encryption Strength vulnerability in Secomea products Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may facilitate man in the middle attacks. | 8.1 |
2022-05-04 | CVE-2022-25778 | Cross-Site Request Forgery (CSRF) vulnerability in Secomea products Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get request in logged in user session. | 8.8 |
2022-05-04 | CVE-2022-25779 | Resource Exhaustion vulnerability in Secomea products Logging of Excessive Data vulnerability in audit log of Secomea GateManager allows logged in user to write text entries in audit log. | 4.3 |
2022-05-04 | CVE-2022-25780 | Unspecified vulnerability in Secomea products Information Exposure vulnerability in web UI of Secomea GateManager allows logged in user to query devices outside own scope. | 4.3 |
2022-05-04 | CVE-2022-25781 | Cross-site Scripting vulnerability in Secomea products Cross-site Scripting (XSS) vulnerability in Web UI of Secomea GateManager allows phishing attacker to inject javascript or html into logged in user session. | 6.1 |
2022-05-04 | CVE-2022-25782 | Improper Privilege Management vulnerability in Secomea products Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to access and update privileged information. | 5.4 |
2022-05-04 | CVE-2022-25783 | Unspecified vulnerability in Secomea products Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging. | 4.3 |
2022-05-04 | CVE-2022-25787 | Information Exposure vulnerability in Secomea products Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. | 6.7 |