Vulnerabilities > Secomea
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-22 | CVE-2021-32004 | Unspecified vulnerability in Secomea Gatemanager 8250 Firmware This issue affects: Secomea GateManager All versions prior to 9.6. | 5.0 |
| 2021-08-05 | CVE-2021-32002 | Unspecified vulnerability in Secomea Sitemanager Firmware Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configuration of the SiteManager. | 2.1 |
| 2021-08-05 | CVE-2021-32003 | Insufficiently Protected Credentials vulnerability in Secomea Sitemanager Firmware Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. | 2.1 |
| 2021-03-05 | CVE-2020-29030 | Cross-Site Request Forgery (CSRF) vulnerability in Secomea Gatemanager Firmware Cross-Site Request Forgery (CSRF) vulnerability in web GUI of Secomea GateManager allows an attacker to execute malicious code. | 6.8 |
| 2021-03-05 | CVE-2020-29029 | Cross-site Scripting vulnerability in Secomea Gatemanager Firmware Improper Input Validation, Cross-site Scripting (XSS) vulnerability in Web GUI of Secomea GateManager allows an attacker to execute arbitrary javascript code. | 4.3 |
| 2021-03-05 | CVE-2020-29028 | Cross-site Scripting vulnerability in Secomea Gatemanager Firmware Cross-site Scripting (XSS) vulnerability in web GUI of Secomea GateManager allows an attacker to inject arbitrary javascript code. | 4.3 |
| 2021-03-05 | CVE-2020-29020 | Incorrect Authorization vulnerability in Secomea Sitemanager Firmware Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. | 6.5 |
| 2021-03-05 | CVE-2020-29032 | Unrestricted Upload of File with Dangerous Type vulnerability in Secomea Gatemanager 8250 Firmware 9.2C Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows authenticated attacker to execute malicious code on server. | 6.5 |
| 2021-02-16 | CVE-2020-29027 | Cross-site Scripting vulnerability in Secomea products Cross-site Scripting (XSS) vulnerability in GUI of Secomea SiteManager could allow an attacker to cause an XSS Attack. | 3.5 |
| 2021-02-16 | CVE-2020-29025 | Cross-site Scripting vulnerability in Secomea Sitemanager Embedded A vulnerability in SiteManager-Embedded (SM-E) Web server which may allow attacker to construct a URL that if visited by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application. | 4.3 |