Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2023-04-19	CVE-2023-0317	Unspecified vulnerability in Secomea Gatemanager 9.6.621421014 Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. network low complexity secomea	4.9
2023-04-19	CVE-2022-38125	Unspecified vulnerability in Secomea products Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client. local low complexity secomea	5.5
2022-12-13	CVE-2022-38124	Improper Privilege Management vulnerability in Secomea products Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner. network low complexity secomea CWE-269	6.5
2022-05-04	CVE-2022-25786	Unspecified vulnerability in Secomea Gatemanager 9.6.621421014 Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. network low complexity secomea	4.9
2022-05-04	CVE-2022-25779	Resource Exhaustion vulnerability in Secomea products Logging of Excessive Data vulnerability in audit log of Secomea GateManager allows logged in user to write text entries in audit log. network low complexity secomea CWE-400	4.3
2022-05-04	CVE-2022-25780	Unspecified vulnerability in Secomea products Information Exposure vulnerability in web UI of Secomea GateManager allows logged in user to query devices outside own scope. network low complexity secomea	4.3
2022-05-04	CVE-2022-25781	Cross-site Scripting vulnerability in Secomea products Cross-site Scripting (XSS) vulnerability in Web UI of Secomea GateManager allows phishing attacker to inject javascript or html into logged in user session. network low complexity secomea CWE-79	6.1
2022-05-04	CVE-2022-25782	Improper Privilege Management vulnerability in Secomea products Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to access and update privileged information. network low complexity secomea CWE-269	5.4
2022-05-04	CVE-2022-25783	Unspecified vulnerability in Secomea products Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging. network low complexity secomea	4.3
2022-05-04	CVE-2022-25784	Cross-site Scripting vulnerability in Secomea products Cross-site Scripting (XSS) vulnerability in Web GUI of SiteManager allows logged-in user to inject scripting. network low complexity secomea CWE-79	4.8