Vulnerabilities > Secomea > Gatemanager 8250 Firmware > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-04 | CVE-2021-32010 | Inadequate Encryption Strength vulnerability in Secomea products Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may facilitate man in the middle attacks. | 8.1 |
| 2022-05-04 | CVE-2022-25778 | Cross-Site Request Forgery (CSRF) vulnerability in Secomea products Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get request in logged in user session. | 8.8 |
| 2021-03-05 | CVE-2020-29032 | Unrestricted Upload of File with Dangerous Type vulnerability in Secomea Gatemanager 8250 Firmware Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows authenticated attacker to execute malicious code on server. | 7.2 |
| 2021-02-15 | CVE-2020-29031 | Improper Privilege Management vulnerability in Secomea products An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges. | 8.1 |
| 2020-08-25 | CVE-2020-14512 | Use of Password Hash With Insufficient Computational Effort vulnerability in Secomea Gatemanager 8250 Firmware 9.1B/9.2/9.2B GateManager versions prior to 9.2c, The affected product uses a weak hash type, which may allow an attacker to view user passwords. | 7.5 |