CVE-2022-25779 Insufficient scope checks allows adding unrelated audit log entries

Logging of Excessive Data vulnerability in audit log of Secomea GateManager allows logged in user to write text entries in audit log. This issue affects: Secomea GateManager versions prior to 9.7...

CVE-2022-25779

CVE-2022-25779 affects Secomea GateManager (versions prior to 9.7). The issue is described as a Logging of Excessive Data vulnerability in the audit log that allows a logged-in user to write text entries in the audit log, with a root cause related to insufficient scope checks that enable adding u...

CVE-2022-25778 Unload handlers may unintentionally defeat CSRF guards

Cross-Site Request Forgery CSRF vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get request in logged in user session...

CVE-2022-25778

The CVE-2022-25778 issue affects Secomea GateManager Web UI and is a Cross-Site Request Forgery (CSRF) vulnerability. The available connected sources describe that versions prior to Secomea GateManager 9.7 are vulnerable to attackers issuing GET requests within a logged-in user session, enabling ...

CVE-2021-32010 Clients may connect to a GateManager with TLS 1.0

Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may facilitate man in the middle attacks. This issue affects: Secomea SiteManager All versions prior to 9.7. Secomea LinkManager versions prior to 9.7. Secomea GateManager versions prior to...

CVE-2021-32010

This CVE describes an Inadequate Encryption Strength issue in the TLS stack of Secomea SiteManager, LinkManager, and GateManager affecting versions prior to 9.7. The root cause is weaknesses in TLS encryption that could enable man-in-the-middle attacks over the network. Affected products expose n...

Secomea GateManager 资源管理错误漏洞

Secomea GateManager is a remote access server product from the Danish company Secomea. security vulnerabilities exist in versions prior to Secomea GateManager 9.7, which could be exploited to allow logged-in users to write text entries in the audit log...

Secomea GateManager 安全漏洞

Secomea GateManager is a remote access server product from the Danish company Secomea. security vulnerability exists in versions prior to Secomea GateManager 9.7, which stems from improper handling of permissions in Secomea GateManager's Web UI, and could be exploited to allow logged-in users to...

Secomea 多款产品加密问题漏洞

Secomea GateManager and Secomea SiteManager are both products of Secomea, Denmark.GateManager is a remote access server product.Secomea SiteManager is a software application. Secomea SiteManager is a software application that provides a remote maintenance function for industrial equipment. A...

Secomea GateManager 跨站请求伪造漏洞

Secomea GateManager is a remote access server product from the Danish company Secomea. security vulnerabilities exist in versions prior to Secomea GateManager 9.7, which can be exploited by attackers to issue get requests in a logged-in user session...

Secomea GateManager 信息泄露漏洞

Secomea GateManager is a remote access server product from the Danish company Secomea. security vulnerability exists in all versions of Secomea GateManager prior to 9.7. The vulnerability stems from the exposure of query string information in GET requests of the LMM API, which could be exploited ...

Secomea GateManager 安全漏洞

Secomea GateManager is a remote access server product from the Danish company Secomea. security vulnerability exists in versions prior to Secomea GateManager 9.7, which stems from the exposure of information in Secomea GateManager's Web UI, and could be exploited by an attacker to allow logged-in...

Secomea GateManager 安全漏洞

Secomea GateManager is a remote access server product from the Danish company Secomea. security vulnerabilities exist in versions prior to Secomea GateManager 9.7, which could be exploited by attackers to allow logged-in users to issue incorrect queries without being logged in...

CVE-2021-32009

Cross-site Scripting XSS vulnerability in firmware section of Secomea GateManager allows logged in user to inject javascript in browser session. This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions...

Cross site scripting

Cross-site Scripting XSS vulnerability in firmware section of Secomea GateManager allows logged in user to inject javascript in browser session. This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions...

CVE-2021-32009

CVE-2021-32009 is a documented XSS vulnerability affecting Secomea GateManager firmware page. The issue (titled Missing XSS guards on firmware page) permits a logged-in user to inject JavaScript into the browser session. Affected software: GateManager Version 9.6.621421014 and all prior versions....

CVE-2021-32009 Missing XSS guards on firmware page

Cross-site Scripting XSS vulnerability in firmware section of Secomea GateManager allows logged in user to inject javascript in browser session. This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions...

GateManager跨站脚本漏洞

Secomea GateManager is a remote access server product from Secomea, Denmark. A security vulnerability exists in Secomea GateManager that allows a logged in user to inject javascript during a browser session...

CVE-2021-32006

This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Permission Issues vulnerability in LinkManager web portal of Secomea GateManager allows logged in LinkManager user to access stored SiteManager backup files...

CVE-2021-32006

This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Permission Issues vulnerability in LinkManager web portal of Secomea GateManager allows logged in LinkManager user to access stored SiteManager backup files...