Vulnerabilities > Secomea

DATE CVE VULNERABILITY TITLE RISK
2022-05-04 CVE-2022-25779 Resource Exhaustion vulnerability in Secomea products
Logging of Excessive Data vulnerability in audit log of Secomea GateManager allows logged in user to write text entries in audit log.
network
low complexity
secomea CWE-400
4.3
4.3
2022-05-04 CVE-2022-25780 Unspecified vulnerability in Secomea products
Information Exposure vulnerability in web UI of Secomea GateManager allows logged in user to query devices outside own scope.
network
low complexity
secomea
4.3
4.3
2022-05-04 CVE-2022-25781 Cross-site Scripting vulnerability in Secomea products
Cross-site Scripting (XSS) vulnerability in Web UI of Secomea GateManager allows phishing attacker to inject javascript or html into logged in user session.
network
low complexity
secomea CWE-79
6.1
6.1
2022-05-04 CVE-2022-25782 Improper Privilege Management vulnerability in Secomea products
Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to access and update privileged information.
network
low complexity
secomea CWE-269
5.4
5.4
2022-05-04 CVE-2022-25783 Unspecified vulnerability in Secomea products
Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging.
network
low complexity
secomea
4.3
4.3
2022-05-04 CVE-2022-25784 Cross-site Scripting vulnerability in Secomea products
Cross-site Scripting (XSS) vulnerability in Web GUI of SiteManager allows logged-in user to inject scripting.
network
low complexity
secomea CWE-79
4.8
4.8
2022-05-04 CVE-2022-25785 Out-of-bounds Write vulnerability in Secomea products
Stack-based Buffer Overflow vulnerability in SiteManager allows logged-in or local user to cause arbitrary code execution.
network
low complexity
secomea CWE-787
7.2
7.2
2022-05-04 CVE-2022-25787 Information Exposure vulnerability in Secomea products
Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection.
local
low complexity
secomea CWE-200
6.7
6.7
2022-03-11 CVE-2021-32009 Cross-site Scripting vulnerability in Secomea Gatemanager 9.6.621421014
Cross-site Scripting (XSS) vulnerability in firmware section of Secomea GateManager allows logged in user to inject javascript in browser session.
network
low complexity
secomea CWE-79
6.1
6.1
2022-03-10 CVE-2021-32005 Cross-site Scripting vulnerability in Secomea products
Cross-site Scripting (XSS) vulnerability in log view of Secomea SiteManager allows a logged in user to store javascript for later execution.
network
low complexity
secomea CWE-79
5.4
5.4