Known Vulnerabilities
CVE-2022-25783
Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging. This issue affects: Secomea GateManager versions prior to 9.7.
CVE-2022-25782
Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to access and update privileged information. This issue affects: Secomea GateManager versions prior to 9.7.
CVE-2022-25781
Cross-site Scripting (XSS) vulnerability in Web UI of Secomea GateManager allows phishing attacker to inject javascript or html into logged in user session.
CVE-2022-25780
Information Exposure vulnerability in web UI of Secomea GateManager allows logged in user to query devices outside own scope.
CVE-2022-25779
Logging of Excessive Data vulnerability in audit log of Secomea GateManager allows logged in user to write text entries in audit log. This issue affects: Secomea GateManager versions prior to 9.7.
CVE-2022-25778
Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get request in logged in user session.
CVE-2021-32010
Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may facilitate man in the middle attacks. This issue affects: Secomea SiteManager All versions prior to 9.7. Secomea LinkManager versions prior to 9.7. Secomea GateManager versions prior to 9.7.