310 matches found
CVE-2022-25778
Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue GET request in logged-in user session...
CVE-2022-25783
Insufficient Logging vulnerability in web server of Secomea GateManager allows logged-in user to issue improper queries without logging. This issue affects: Secomea GateManager versions prior to 9.7...
CVE-2021-32010
Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may facilitate man in the middle attacks. This issue affects: Secomea SiteManager All versions prior to 9.7. Secomea LinkManager versions prior to 9.7. Secomea GateManager versions prior to...
Cross-site request forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue GET request in logged-in user session...
Input validation
Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged-in user to access and update privileged information. This issue affects: Secomea GateManager versions prior to 9.7...
Cross-site request forgery (CSRF)
Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. This issue affects: Secomea GateManager all versions prior to 9.7...
Cross-site scripting
Cross-site Scripting (XSS) vulnerability in Web UI of Secomea GateManager allows phishing attacker to inject JavaScript or HTML into logged-in user session...
Input validation
Insufficient Logging vulnerability in web server of Secomea GateManager allows logged-in user to issue improper queries without logging. This issue affects: Secomea GateManager versions prior to 9.7...
Information disclosure
Information Exposure vulnerability in web UI of Secomea GateManager allows logged-in user to query devices outside own scope...
Code injection
Logging of Excessive Data vulnerability in audit log of Secomea GateManager allows logged-in user to write text entries in audit log. This issue affects: Secomea GateManager versions prior to 9.7...
CVE-2022-25787
The CVE concerns Secomea GateManager, specifically its LMM API: Information Exposure Through Query Strings in GET requests can leak information via the GATE LMM API, allowing a local attacker (or an admin) to hijack connections. Affected are all GateManager versions prior to 9.7. The root cause i...
CVE-2022-25787 GTA URLs issued by LMM WEB API may leak information
Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. This issue affects: Secomea GateManager all versions prior to 9.7...
CVE-2022-25783 Hacking attempts from logged-in users are not properly logged by GM
Insufficient Logging vulnerability in web server of Secomea GateManager allows logged-in user to issue improper queries without logging. This issue affects: Secomea GateManager versions prior to 9.7...
CVE-2022-25783
CVE-2022-25783 concerns an insufficient logging vulnerability in the web server of the Secomea GateManager. Affected product: Secomea GateManager (remote access server) with versions prior to 9.7. Root cause: logged-in users can issue improper queries without those actions being logged, enabling ...
CVE-2022-25782 Insufficient privilege checks on object access and updates.
Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged-in user to access and update privileged information. This issue affects: Secomea GateManager versions prior to 9.7...
CVE-2022-25782
CVE-2022-25782 affects Secomea GateManager Web UI. The vulnerability stems from improper handling of permissions, allowing a logged-in user to access and update privileged information. Impact is described as exposure of privilege information and the ability to modify it for versions prior to 9.7....
CVE-2022-25781 Reflected XSS issues in GateManager
Cross-site Scripting (XSS) vulnerability in Web UI of Secomea GateManager allows phishing attacker to inject JavaScript or HTML into logged-in user session...
CVE-2022-25781
CVE-2022-25781 affects Secomea GateManager Web UI with a cross-site scripting (XSS) vulnerability that can allow an attacker to inject JavaScript/HTML into a logged-in user session, enabling phishing or session manipulation. The connected sources consistently describe XSS in the GateManager web i...
CVE-2022-25780
CVE-2022-25780 covers an information-disclosure vulnerability in the web UI of Secomea GateManager. The issue allows an authenticated user to query devices outside their own scope via the web interface. Public documentation across multiple sources states this vulnerability affects versions prior ...
CVE-2022-25780 Information leak via device availability query function
Information Exposure vulnerability in web UI of Secomea GateManager allows logged-in user to query devices outside own scope...