Search

Find a vulnerability

Search criteria

    40 vulnerabilities found for gatemanager_8250_firmware by secomea

    CVE-2022-25787 (GCVE-0-2022-25787)

    Vulnerability from nvd – Published: 2022-05-04 13:58 – Updated: 2024-08-03 04:49
    VLAI
    Title
    GTA URLs issued by LMM WEB API may leak information
    Summary
    Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. This issue affects: Secomea GateManager all versions prior to 9.7.
    CWE
    • CWE-598 - Information Exposure Through Query Strings in GET Request
    Assigner
    References
    Impacted products
    Vendor Product Version
    Secomea GateManager Affected: all , < 9.7 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:49:43.776Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GateManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThan": "9.7",
                  "status": "affected",
                  "version": "all",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. This issue affects: Secomea GateManager all versions prior to 9.7."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-598",
                  "description": "CWE-598 Information Exposure Through Query Strings in GET Request",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-04T13:58:45.000Z",
            "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
            "shortName": "Secomea"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.secomea.com/support/cybersecurity-advisory/"
            }
          ],
          "source": {
            "defect": [
              "RD-5523"
            ],
            "discovery": "INTERNAL"
          },
          "title": "GTA URLs issued by LMM WEB API may leak information",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "VulnerabilityReporting@secomea.com",
              "ID": "CVE-2022-25787",
              "STATE": "PUBLIC",
              "TITLE": "GTA URLs issued by LMM WEB API may leak information"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GateManager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "all",
                                "version_value": "9.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Secomea"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. This issue affects: Secomea GateManager all versions prior to 9.7."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-598 Information Exposure Through Query Strings in GET Request"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.secomea.com/support/cybersecurity-advisory/",
                  "refsource": "MISC",
                  "url": "https://www.secomea.com/support/cybersecurity-advisory/"
                }
              ]
            },
            "source": {
              "defect": [
                "RD-5523"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "assignerShortName": "Secomea",
        "cveId": "CVE-2022-25787",
        "datePublished": "2022-05-04T13:58:45.000Z",
        "dateReserved": "2022-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:49:43.776Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-25783 (GCVE-0-2022-25783)

    Vulnerability from nvd – Published: 2022-05-04 13:55 – Updated: 2024-08-03 04:49
    VLAI
    Title
    Hacking attempts from logged-in users are not properly logged by GM
    Summary
    Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging. This issue affects: Secomea GateManager versions prior to 9.7.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Secomea GateManager Affected: unspecified , < 9.7 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:49:43.230Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GateManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThan": "9.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging. This issue affects: Secomea GateManager versions prior to 9.7."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-778",
                  "description": "CWE-778 Insufficient Logging",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-04T13:55:13.000Z",
            "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
            "shortName": "Secomea"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.secomea.com/support/cybersecurity-advisory/"
            }
          ],
          "source": {
            "defect": [
              "RD-5355"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Hacking attempts from logged-in users are not properly logged by GM",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "VulnerabilityReporting@secomea.com",
              "ID": "CVE-2022-25783",
              "STATE": "PUBLIC",
              "TITLE": "Hacking attempts from logged-in users are not properly logged by GM"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GateManager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Secomea"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging. This issue affects: Secomea GateManager versions prior to 9.7."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-778 Insufficient Logging"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.secomea.com/support/cybersecurity-advisory/",
                  "refsource": "MISC",
                  "url": "https://www.secomea.com/support/cybersecurity-advisory/"
                }
              ]
            },
            "source": {
              "defect": [
                "RD-5355"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "assignerShortName": "Secomea",
        "cveId": "CVE-2022-25783",
        "datePublished": "2022-05-04T13:55:13.000Z",
        "dateReserved": "2022-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:49:43.230Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-25782 (GCVE-0-2022-25782)

    Vulnerability from nvd – Published: 2022-05-04 13:54 – Updated: 2024-08-03 04:49
    VLAI
    Title
    Insufficient privilege checks on object access and updates.
    Summary
    Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to access and update privileged information. This issue affects: Secomea GateManager versions prior to 9.7.
    CWE
    • CWE-274 - Improper Handling of Insufficient Privileges
    Assigner
    References
    Impacted products
    Vendor Product Version
    Secomea GateManager Affected: unspecified , < 9.7 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:49:43.231Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GateManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThan": "9.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to access and update privileged information. This issue affects: Secomea GateManager versions prior to 9.7."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-274",
                  "description": "CWE-274 Improper Handling of Insufficient Privileges",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-04T13:54:16.000Z",
            "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
            "shortName": "Secomea"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.secomea.com/support/cybersecurity-advisory/"
            }
          ],
          "source": {
            "defect": [
              "RD-5335"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Insufficient privilege checks on object access and updates.",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "VulnerabilityReporting@secomea.com",
              "ID": "CVE-2022-25782",
              "STATE": "PUBLIC",
              "TITLE": "Insufficient privilege checks on object access and updates."
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GateManager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Secomea"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to access and update privileged information. This issue affects: Secomea GateManager versions prior to 9.7."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-274 Improper Handling of Insufficient Privileges"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.secomea.com/support/cybersecurity-advisory/",
                  "refsource": "MISC",
                  "url": "https://www.secomea.com/support/cybersecurity-advisory/"
                }
              ]
            },
            "source": {
              "defect": [
                "RD-5335"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "assignerShortName": "Secomea",
        "cveId": "CVE-2022-25782",
        "datePublished": "2022-05-04T13:54:16.000Z",
        "dateReserved": "2022-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:49:43.231Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-25781 (GCVE-0-2022-25781)

    Vulnerability from nvd – Published: 2022-05-04 13:53 – Updated: 2024-08-03 04:49
    VLAI
    Title
    Reflected XSS issues in GateManager
    Summary
    Cross-site Scripting (XSS) vulnerability in Web UI of Secomea GateManager allows phishing attacker to inject javascript or html into logged in user session.
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Secomea GateManager Affected: unspecified , < 9.7 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:49:43.192Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GateManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThan": "9.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) vulnerability in Web UI of Secomea GateManager allows phishing attacker to inject javascript or html into logged in user session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-04T13:53:17.000Z",
            "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
            "shortName": "Secomea"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.secomea.com/support/cybersecurity-advisory/"
            }
          ],
          "source": {
            "defect": [
              "RD-5314"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Reflected XSS issues in GateManager",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "VulnerabilityReporting@secomea.com",
              "ID": "CVE-2022-25781",
              "STATE": "PUBLIC",
              "TITLE": "Reflected XSS issues in GateManager"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GateManager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Secomea"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site Scripting (XSS) vulnerability in Web UI of Secomea GateManager allows phishing attacker to inject javascript or html into logged in user session."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.secomea.com/support/cybersecurity-advisory/",
                  "refsource": "MISC",
                  "url": "https://www.secomea.com/support/cybersecurity-advisory/"
                }
              ]
            },
            "source": {
              "defect": [
                "RD-5314"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "assignerShortName": "Secomea",
        "cveId": "CVE-2022-25781",
        "datePublished": "2022-05-04T13:53:17.000Z",
        "dateReserved": "2022-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:49:43.192Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-25780 (GCVE-0-2022-25780)

    Vulnerability from nvd – Published: 2022-05-04 13:52 – Updated: 2024-08-03 04:49
    VLAI
    Title
    Information leak via device availability query function
    Summary
    Information Exposure vulnerability in web UI of Secomea GateManager allows logged in user to query devices outside own scope.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Secomea GateManager Affected: unspecified , < 9.7 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:49:43.496Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GateManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThan": "9.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Information Exposure vulnerability in web UI of Secomea GateManager allows logged in user to query devices outside own scope."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Information Exposure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-04T13:52:15.000Z",
            "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
            "shortName": "Secomea"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.secomea.com/support/cybersecurity-advisory/"
            }
          ],
          "source": {
            "defect": [
              "RD-5310"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Information leak via device availability query function",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "VulnerabilityReporting@secomea.com",
              "ID": "CVE-2022-25780",
              "STATE": "PUBLIC",
              "TITLE": "Information leak via device availability query function"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GateManager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Secomea"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Information Exposure vulnerability in web UI of Secomea GateManager allows logged in user to query devices outside own scope."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200 Information Exposure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.secomea.com/support/cybersecurity-advisory/",
                  "refsource": "MISC",
                  "url": "https://www.secomea.com/support/cybersecurity-advisory/"
                }
              ]
            },
            "source": {
              "defect": [
                "RD-5310"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "assignerShortName": "Secomea",
        "cveId": "CVE-2022-25780",
        "datePublished": "2022-05-04T13:52:15.000Z",
        "dateReserved": "2022-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:49:43.496Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-25779 (GCVE-0-2022-25779)

    Vulnerability from nvd – Published: 2022-05-04 13:51 – Updated: 2024-08-03 04:49
    VLAI
    Title
    Insufficient scope checks allows adding unrelated audit log entries
    Summary
    Logging of Excessive Data vulnerability in audit log of Secomea GateManager allows logged in user to write text entries in audit log. This issue affects: Secomea GateManager versions prior to 9.7.
    CWE
    • CWE-779 - Logging of Excessive Data
    Assigner
    References
    Impacted products
    Vendor Product Version
    Secomea GateManager Affected: unspecified , < 9.7 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:49:43.260Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GateManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThan": "9.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Logging of Excessive Data vulnerability in audit log of Secomea GateManager allows logged in user to write text entries in audit log. This issue affects: Secomea GateManager versions prior to 9.7."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-779",
                  "description": "CWE-779 Logging of Excessive Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-04T13:51:08.000Z",
            "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
            "shortName": "Secomea"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.secomea.com/support/cybersecurity-advisory/"
            }
          ],
          "source": {
            "defect": [
              "RD-5309"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Insufficient scope checks allows adding unrelated audit log entries",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "VulnerabilityReporting@secomea.com",
              "ID": "CVE-2022-25779",
              "STATE": "PUBLIC",
              "TITLE": "Insufficient scope checks allows adding unrelated audit log entries"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GateManager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Secomea"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Logging of Excessive Data vulnerability in audit log of Secomea GateManager allows logged in user to write text entries in audit log. This issue affects: Secomea GateManager versions prior to 9.7."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-779 Logging of Excessive Data"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.secomea.com/support/cybersecurity-advisory/",
                  "refsource": "MISC",
                  "url": "https://www.secomea.com/support/cybersecurity-advisory/"
                }
              ]
            },
            "source": {
              "defect": [
                "RD-5309"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "assignerShortName": "Secomea",
        "cveId": "CVE-2022-25779",
        "datePublished": "2022-05-04T13:51:08.000Z",
        "dateReserved": "2022-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:49:43.260Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-25778 (GCVE-0-2022-25778)

    Vulnerability from nvd – Published: 2022-05-04 13:49 – Updated: 2024-08-03 04:49
    VLAI
    Title
    Unload handlers may unintentionally defeat CSRF guards
    Summary
    Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get request in logged in user session.
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Secomea GateManager Affected: unspecified , < 9.7 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:49:43.681Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GateManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThan": "9.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get request in logged in user session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-04T13:49:55.000Z",
            "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
            "shortName": "Secomea"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.secomea.com/support/cybersecurity-advisory/"
            }
          ],
          "source": {
            "defect": [
              "RD-5308"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Unload handlers may unintentionally defeat CSRF guards",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "VulnerabilityReporting@secomea.com",
              "ID": "CVE-2022-25778",
              "STATE": "PUBLIC",
              "TITLE": "Unload handlers may unintentionally defeat CSRF guards"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GateManager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Secomea"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get request in logged in user session."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.secomea.com/support/cybersecurity-advisory/",
                  "refsource": "MISC",
                  "url": "https://www.secomea.com/support/cybersecurity-advisory/"
                }
              ]
            },
            "source": {
              "defect": [
                "RD-5308"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "assignerShortName": "Secomea",
        "cveId": "CVE-2022-25778",
        "datePublished": "2022-05-04T13:49:55.000Z",
        "dateReserved": "2022-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:49:43.681Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-32010 (GCVE-0-2021-32010)

    Vulnerability from nvd – Published: 2022-05-04 13:45 – Updated: 2024-08-03 23:17
    VLAI
    Title
    Clients may connect to a GateManager with TLS 1.0
    Summary
    Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may facilitate man in the middle attacks. This issue affects: Secomea SiteManager All versions prior to 9.7. Secomea LinkManager versions prior to 9.7. Secomea GateManager versions prior to 9.7.
    CWE
    • CWE-326 - Inadequate Encryption Strength
    Assigner
    References
    Impacted products
    Vendor Product Version
    Secomea SiteManager Affected: All , < 9.7 (custom)
    Create a notification for this product.
    Secomea LinkManager Affected: unspecified , < 9.7 (custom)
    Create a notification for this product.
    Secomea GateManager Affected: unspecified , < 9.7 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:17:28.463Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SiteManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThan": "9.7",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "LinkManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThan": "9.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "GateManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThan": "9.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may facilitate man in the middle attacks. This issue affects: Secomea SiteManager All versions prior to 9.7. Secomea LinkManager versions prior to 9.7. Secomea GateManager versions prior to 9.7."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-326",
                  "description": "CWE-326 Inadequate Encryption Strength",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-04T13:45:03.000Z",
            "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
            "shortName": "Secomea"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.secomea.com/support/cybersecurity-advisory/"
            }
          ],
          "source": {
            "defect": [
              "RD-5699"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Clients may connect to a GateManager with TLS 1.0",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "VulnerabilityReporting@secomea.com",
              "ID": "CVE-2021-32010",
              "STATE": "PUBLIC",
              "TITLE": "Clients may connect to a GateManager with TLS 1.0"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SiteManager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "All",
                                "version_value": "9.7"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "LinkManager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.7"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "GateManager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Secomea"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may facilitate man in the middle attacks. This issue affects: Secomea SiteManager All versions prior to 9.7. Secomea LinkManager versions prior to 9.7. Secomea GateManager versions prior to 9.7."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-326 Inadequate Encryption Strength"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.secomea.com/support/cybersecurity-advisory/",
                  "refsource": "MISC",
                  "url": "https://www.secomea.com/support/cybersecurity-advisory/"
                }
              ]
            },
            "source": {
              "defect": [
                "RD-5699"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "assignerShortName": "Secomea",
        "cveId": "CVE-2021-32010",
        "datePublished": "2022-05-04T13:45:03.000Z",
        "dateReserved": "2021-05-03T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:17:28.463Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-32004 (GCVE-0-2021-32004)

    Vulnerability from nvd – Published: 2021-11-22 20:32 – Updated: 2024-08-03 23:17
    VLAI
    Title
    GateManager does not enforce strict hostname matching for WEB server
    Summary
    This issue affects: Secomea GateManager All versions prior to 9.6. Improper Check of host header in web server of Secomea GateManager allows attacker to cause browser cache poisoning.
    CWE
    • CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
    Assigner
    References
    Impacted products
    Vendor Product Version
    Secomea GateManager Affected: All , < 9.6 (custom)
    Create a notification for this product.
    Credits
    Acunetix
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:17:28.501Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory/#4578"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GateManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThan": "9.6",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Acunetix"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This issue affects: Secomea GateManager All versions prior to 9.6. Improper Check of host header in web server of Secomea GateManager allows attacker to cause browser cache poisoning."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-923",
                  "description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-22T20:32:45.000Z",
            "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
            "shortName": "Secomea"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.secomea.com/support/cybersecurity-advisory/#4578"
            }
          ],
          "source": {
            "defect": [
              "RD-4578"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "GateManager does not enforce strict hostname matching for WEB server",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "VulnerabilityReporting@secomea.com",
              "ID": "CVE-2021-32004",
              "STATE": "PUBLIC",
              "TITLE": "GateManager does not enforce strict hostname matching for WEB server"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GateManager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "All",
                                "version_value": "9.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Secomea"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Acunetix"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "This issue affects: Secomea GateManager All versions prior to 9.6. Improper Check of host header in web server of Secomea GateManager allows attacker to cause browser cache poisoning."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.secomea.com/support/cybersecurity-advisory/#4578",
                  "refsource": "MISC",
                  "url": "https://www.secomea.com/support/cybersecurity-advisory/#4578"
                }
              ]
            },
            "source": {
              "defect": [
                "RD-4578"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "assignerShortName": "Secomea",
        "cveId": "CVE-2021-32004",
        "datePublished": "2021-11-22T20:32:45.000Z",
        "dateReserved": "2021-05-03T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:17:28.501Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-29032 (GCVE-0-2020-29032)

    Vulnerability from nvd – Published: 2021-03-05 16:58 – Updated: 2024-09-16 16:32
    VLAI
    Title
    Add integrity check of GateManager firmware
    Summary
    Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows authenticated attacker to execute malicious code on server. This issue affects: Secomea GateManager all versions prior to 9.4.621054022
    CWE
    • CWE-494 - Download of Code Without Integrity Check
    Assigner
    References
    Impacted products
    Vendor Product Version
    Secomea GateManager Affected: all , < 9.4.621054022 (custom)
    Create a notification for this product.
    Date Public
    2021-03-04 00:00
    Credits
    Tenable
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:48:01.434Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/research/tra-2021-06"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory/#3737"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GateManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThan": "9.4.621054022",
                  "status": "affected",
                  "version": "all",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Tenable"
            }
          ],
          "datePublic": "2021-03-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows authenticated attacker to execute malicious code on server. This issue affects: Secomea GateManager all versions prior to 9.4.621054022"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-494",
                  "description": "CWE-494 Download of Code Without Integrity Check",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-09T06:06:27.000Z",
            "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
            "shortName": "Secomea"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.tenable.com/security/research/tra-2021-06"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.secomea.com/support/cybersecurity-advisory/#3737"
            }
          ],
          "source": {
            "defect": [
              "RD-3737"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Add integrity check of GateManager firmware",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "VulnerabilityReporting@secomea.com",
              "DATE_PUBLIC": "2021-03-04T22:00:00.000Z",
              "ID": "CVE-2020-29032",
              "STATE": "PUBLIC",
              "TITLE": "Add integrity check of GateManager firmware"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GateManager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "all",
                                "version_value": "9.4.621054022"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Secomea"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Tenable"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows authenticated attacker to execute malicious code on server. This issue affects: Secomea GateManager all versions prior to 9.4.621054022"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-494 Download of Code Without Integrity Check"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.tenable.com/security/research/tra-2021-06",
                  "refsource": "MISC",
                  "url": "https://www.tenable.com/security/research/tra-2021-06"
                },
                {
                  "name": "https://www.secomea.com/support/cybersecurity-advisory/#3737",
                  "refsource": "MISC",
                  "url": "https://www.secomea.com/support/cybersecurity-advisory/#3737"
                }
              ]
            },
            "source": {
              "defect": [
                "RD-3737"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "assignerShortName": "Secomea",
        "cveId": "CVE-2020-29032",
        "datePublished": "2021-03-05T16:58:27.148Z",
        "dateReserved": "2020-11-24T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:32:33.185Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-29024 (GCVE-0-2020-29024)

    Vulnerability from nvd – Published: 2021-02-16 15:07 – Updated: 2024-09-16 16:38
    VLAI
    Title
    Missing HtppOnly and Secure flags
    Summary
    Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3.
    CWE
    • CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
    Assigner
    References
    Impacted products
    Vendor Product Version
    Secomea GateManager Affected: all , < 9.3 (custom)
    Create a notification for this product.
    Date Public
    2021-02-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:48:01.408Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory/#2418"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GateManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThan": "9.3",
                  "status": "affected",
                  "version": "all",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-02-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-614",
                  "description": "CWE-614 Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-16T15:07:41.000Z",
            "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
            "shortName": "Secomea"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.secomea.com/support/cybersecurity-advisory/#2418"
            }
          ],
          "source": {
            "defect": [
              "RD-2418"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Missing HtppOnly and Secure flags",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "VulnerabilityReporting@secomea.com",
              "DATE_PUBLIC": "2021-02-16T00:00:00.000Z",
              "ID": "CVE-2020-29024",
              "STATE": "PUBLIC",
              "TITLE": "Missing HtppOnly and Secure flags"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GateManager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "all",
                                "version_value": "9.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Secomea"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-614 Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.secomea.com/support/cybersecurity-advisory/#2418",
                  "refsource": "MISC",
                  "url": "https://www.secomea.com/support/cybersecurity-advisory/#2418"
                }
              ]
            },
            "source": {
              "defect": [
                "RD-2418"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "assignerShortName": "Secomea",
        "cveId": "CVE-2020-29024",
        "datePublished": "2021-02-16T15:07:41.787Z",
        "dateReserved": "2020-11-24T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:38:40.890Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-29023 (GCVE-0-2020-29023)

    Vulnerability from nvd – Published: 2021-02-16 15:14 – Updated: 2024-09-17 04:24
    VLAI
    Title
    CSV Formula Injection possible due to improper fields escaping in GateManager
    Summary
    Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows an authenticated administrator to generate a CSV file that may run arbitrary commands on a victim's computer when opened in a spreadsheet program (like Excel). This issue affects: Secomea GateManager all versions prior to 9.3.
    CWE
    • CWE-116 - Improper Encoding or Escaping of Output
    Assigner
    References
    Impacted products
    Vendor Product Version
    Secomea GateManager Affected: all , < 9.3 (custom)
    Create a notification for this product.
    Date Public
    2020-12-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:48:01.570Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory/#2418"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GateManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThan": "9.3",
                  "status": "affected",
                  "version": "all",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-12-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows an authenticated administrator to generate a CSV file that may run arbitrary commands on a victim\u0027s computer when opened in a spreadsheet program (like Excel). This issue affects: Secomea GateManager all versions prior to 9.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-116",
                  "description": "CWE-116 Improper Encoding or Escaping of Output",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-16T15:14:57.000Z",
            "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
            "shortName": "Secomea"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.secomea.com/support/cybersecurity-advisory/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.secomea.com/support/cybersecurity-advisory/#2418"
            }
          ],
          "source": {
            "defect": [
              "RD-2922"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "CSV Formula Injection possible due to improper fields escaping in GateManager",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "VulnerabilityReporting@secomea.com",
              "DATE_PUBLIC": "2020-12-18T22:00:00.000Z",
              "ID": "CVE-2020-29023",
              "STATE": "PUBLIC",
              "TITLE": "CSV Formula Injection possible due to improper fields escaping in GateManager"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GateManager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "all",
                                "version_value": "9.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Secomea"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows an authenticated administrator to generate a CSV file that may run arbitrary commands on a victim\u0027s computer when opened in a spreadsheet program (like Excel). This issue affects: Secomea GateManager all versions prior to 9.3."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-116 Improper Encoding or Escaping of Output"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.secomea.com/support/cybersecurity-advisory/",
                  "refsource": "MISC",
                  "url": "https://www.secomea.com/support/cybersecurity-advisory/"
                },
                {
                  "name": "https://www.secomea.com/support/cybersecurity-advisory/#2418",
                  "refsource": "CONFIRM",
                  "url": "https://www.secomea.com/support/cybersecurity-advisory/#2418"
                }
              ]
            },
            "source": {
              "defect": [
                "RD-2922"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "assignerShortName": "Secomea",
        "cveId": "CVE-2020-29023",
        "datePublished": "2021-02-16T15:14:57.287Z",
        "dateReserved": "2020-11-24T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:24:59.661Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-29022 (GCVE-0-2020-29022)

    Vulnerability from nvd – Published: 2021-02-16 15:08 – Updated: 2024-09-16 16:18
    VLAI
    Title
    Host Header Injection allowing web cache poisoning attacks
    Summary
    Failure to Sanitize host header value on output in the GateManager Web server could allow an attacker to conduct web cache poisoning attacks. This issue affects Secomea GateManager all versions prior to 9.3
    CWE
    • CWE-159 - Failure to Sanitize Special Element
    Assigner
    References
    Impacted products
    Vendor Product Version
    Secomea GateManager Affected: all , < 9.3 (custom)
    Create a notification for this product.
    Date Public
    2021-02-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:48:01.436Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory/#2923"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GateManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThan": "9.3",
                  "status": "affected",
                  "version": "all",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-02-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Failure to Sanitize host header value on output in the GateManager Web server could allow an attacker to conduct web cache poisoning attacks. This issue affects Secomea GateManager all versions prior to 9.3"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-159",
                  "description": "CWE-159 Failure to Sanitize Special Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-16T15:08:36.000Z",
            "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
            "shortName": "Secomea"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.secomea.com/support/cybersecurity-advisory/#2923"
            }
          ],
          "source": {
            "defect": [
              "RD-2923"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Host Header Injection allowing web cache poisoning attacks",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "VulnerabilityReporting@secomea.com",
              "DATE_PUBLIC": "2021-02-16T22:00:00.000Z",
              "ID": "CVE-2020-29022",
              "STATE": "PUBLIC",
              "TITLE": "Host Header Injection allowing web cache poisoning attacks"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GateManager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "all",
                                "version_value": "9.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Secomea"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Failure to Sanitize host header value on output in the GateManager Web server could allow an attacker to conduct web cache poisoning attacks. This issue affects Secomea GateManager all versions prior to 9.3"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-159 Failure to Sanitize Special Element"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.secomea.com/support/cybersecurity-advisory/#2923",
                  "refsource": "MISC",
                  "url": "https://www.secomea.com/support/cybersecurity-advisory/#2923"
                }
              ]
            },
            "source": {
              "defect": [
                "RD-2923"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "assignerShortName": "Secomea",
        "cveId": "CVE-2020-29022",
        "datePublished": "2021-02-16T15:08:36.021Z",
        "dateReserved": "2020-11-24T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:18:06.251Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-29031 (GCVE-0-2020-29031)

    Vulnerability from nvd – Published: 2021-02-15 15:52 – Updated: 2024-08-04 16:48
    VLAI
    Title
    Insecure Direct Object Reference in GateManager WebUI can cause privilege escalation
    Summary
    An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges. This issue affects all GateManager versions prior to 9.2c
    CWE
    • CWE-280 - Improper Handling of Insufficient Permissions or Privileges
    Assigner
    References
    Impacted products
    Vendor Product Version
    Secomea GateManager Affected: All , < 9.2c (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:48:00.792Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory/#2920"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GateManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThan": "9.2c",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges. This issue affects all GateManager versions prior to 9.2c"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-280",
                  "description": "CWE-280 Improper Handling of Insufficient Permissions or Privileges",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-15T15:52:30.000Z",
            "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
            "shortName": "Secomea"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.secomea.com/support/cybersecurity-advisory/#2920"
            }
          ],
          "source": {
            "defect": [
              "RD-2920"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Insecure Direct Object Reference in GateManager WebUI can cause privilege escalation",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "VulnerabilityReporting@secomea.com",
              "ID": "CVE-2020-29031",
              "STATE": "PUBLIC",
              "TITLE": "Insecure Direct Object Reference in GateManager WebUI can cause privilege escalation"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GateManager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "All",
                                "version_value": "9.2c"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Secomea"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges. This issue affects all GateManager versions prior to 9.2c"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-280 Improper Handling of Insufficient Permissions or Privileges"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.secomea.com/support/cybersecurity-advisory/#2920",
                  "refsource": "MISC",
                  "url": "https://www.secomea.com/support/cybersecurity-advisory/#2920"
                }
              ]
            },
            "source": {
              "defect": [
                "RD-2920"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "assignerShortName": "Secomea",
        "cveId": "CVE-2020-29031",
        "datePublished": "2021-02-15T15:52:30.000Z",
        "dateReserved": "2020-11-24T00:00:00.000Z",
        "dateUpdated": "2024-08-04T16:48:00.792Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-29026 (GCVE-0-2020-29026)

    Vulnerability from nvd – Published: 2021-02-15 15:48 – Updated: 2024-08-04 16:48
    VLAI
    Summary
    A directory traversal vulnerability exists in the file upload function of the GateManager that allows an authenticated attacker with administrative permissions to read and write arbitrary files in the Linux file system. This issue affects: GateManager all versions prior to 9.2c.
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Secomea GateManager Affected: All , < 9.2c (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:48:01.207Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory/#2918"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GateManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThan": "9.2c",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A directory traversal vulnerability exists in the file upload function of the GateManager that allows an authenticated attacker with administrative permissions to read and write arbitrary files in the Linux file system. This issue affects: GateManager all versions prior to 9.2c."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-15T15:48:30.000Z",
            "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
            "shortName": "Secomea"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.secomea.com/support/cybersecurity-advisory/#2918"
            }
          ],
          "source": {
            "defect": [
              "RD-2918"
            ],
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "VulnerabilityReporting@secomea.com",
              "ID": "CVE-2020-29026",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GateManager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "All",
                                "version_value": "9.2c"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Secomea"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A directory traversal vulnerability exists in the file upload function of the GateManager that allows an authenticated attacker with administrative permissions to read and write arbitrary files in the Linux file system. This issue affects: GateManager all versions prior to 9.2c."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.secomea.com/support/cybersecurity-advisory/#2918",
                  "refsource": "MISC",
                  "url": "https://www.secomea.com/support/cybersecurity-advisory/#2918"
                }
              ]
            },
            "source": {
              "defect": [
                "RD-2918"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "assignerShortName": "Secomea",
        "cveId": "CVE-2020-29026",
        "datePublished": "2021-02-15T15:48:30.000Z",
        "dateReserved": "2020-11-24T00:00:00.000Z",
        "dateUpdated": "2024-08-04T16:48:01.207Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-25787 (GCVE-0-2022-25787)

    Vulnerability from cvelistv5 – Published: 2022-05-04 13:58 – Updated: 2024-08-03 04:49
    VLAI
    Title
    GTA URLs issued by LMM WEB API may leak information
    Summary
    Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. This issue affects: Secomea GateManager all versions prior to 9.7.
    CWE
    • CWE-598 - Information Exposure Through Query Strings in GET Request
    Assigner
    References
    Impacted products
    Vendor Product Version
    Secomea GateManager Affected: all , < 9.7 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:49:43.776Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GateManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThan": "9.7",
                  "status": "affected",
                  "version": "all",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. This issue affects: Secomea GateManager all versions prior to 9.7."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-598",
                  "description": "CWE-598 Information Exposure Through Query Strings in GET Request",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-04T13:58:45.000Z",
            "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
            "shortName": "Secomea"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.secomea.com/support/cybersecurity-advisory/"
            }
          ],
          "source": {
            "defect": [
              "RD-5523"
            ],
            "discovery": "INTERNAL"
          },
          "title": "GTA URLs issued by LMM WEB API may leak information",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "VulnerabilityReporting@secomea.com",
              "ID": "CVE-2022-25787",
              "STATE": "PUBLIC",
              "TITLE": "GTA URLs issued by LMM WEB API may leak information"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GateManager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "all",
                                "version_value": "9.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Secomea"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. This issue affects: Secomea GateManager all versions prior to 9.7."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-598 Information Exposure Through Query Strings in GET Request"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.secomea.com/support/cybersecurity-advisory/",
                  "refsource": "MISC",
                  "url": "https://www.secomea.com/support/cybersecurity-advisory/"
                }
              ]
            },
            "source": {
              "defect": [
                "RD-5523"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "assignerShortName": "Secomea",
        "cveId": "CVE-2022-25787",
        "datePublished": "2022-05-04T13:58:45.000Z",
        "dateReserved": "2022-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:49:43.776Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-25783 (GCVE-0-2022-25783)

    Vulnerability from cvelistv5 – Published: 2022-05-04 13:55 – Updated: 2024-08-03 04:49
    VLAI
    Title
    Hacking attempts from logged-in users are not properly logged by GM
    Summary
    Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging. This issue affects: Secomea GateManager versions prior to 9.7.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Secomea GateManager Affected: unspecified , < 9.7 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:49:43.230Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GateManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThan": "9.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging. This issue affects: Secomea GateManager versions prior to 9.7."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-778",
                  "description": "CWE-778 Insufficient Logging",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-04T13:55:13.000Z",
            "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
            "shortName": "Secomea"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.secomea.com/support/cybersecurity-advisory/"
            }
          ],
          "source": {
            "defect": [
              "RD-5355"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Hacking attempts from logged-in users are not properly logged by GM",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "VulnerabilityReporting@secomea.com",
              "ID": "CVE-2022-25783",
              "STATE": "PUBLIC",
              "TITLE": "Hacking attempts from logged-in users are not properly logged by GM"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GateManager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Secomea"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging. This issue affects: Secomea GateManager versions prior to 9.7."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-778 Insufficient Logging"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.secomea.com/support/cybersecurity-advisory/",
                  "refsource": "MISC",
                  "url": "https://www.secomea.com/support/cybersecurity-advisory/"
                }
              ]
            },
            "source": {
              "defect": [
                "RD-5355"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "assignerShortName": "Secomea",
        "cveId": "CVE-2022-25783",
        "datePublished": "2022-05-04T13:55:13.000Z",
        "dateReserved": "2022-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:49:43.230Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-25782 (GCVE-0-2022-25782)

    Vulnerability from cvelistv5 – Published: 2022-05-04 13:54 – Updated: 2024-08-03 04:49
    VLAI
    Title
    Insufficient privilege checks on object access and updates.
    Summary
    Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to access and update privileged information. This issue affects: Secomea GateManager versions prior to 9.7.
    CWE
    • CWE-274 - Improper Handling of Insufficient Privileges
    Assigner
    References
    Impacted products
    Vendor Product Version
    Secomea GateManager Affected: unspecified , < 9.7 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:49:43.231Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GateManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThan": "9.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to access and update privileged information. This issue affects: Secomea GateManager versions prior to 9.7."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-274",
                  "description": "CWE-274 Improper Handling of Insufficient Privileges",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-04T13:54:16.000Z",
            "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
            "shortName": "Secomea"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.secomea.com/support/cybersecurity-advisory/"
            }
          ],
          "source": {
            "defect": [
              "RD-5335"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Insufficient privilege checks on object access and updates.",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "VulnerabilityReporting@secomea.com",
              "ID": "CVE-2022-25782",
              "STATE": "PUBLIC",
              "TITLE": "Insufficient privilege checks on object access and updates."
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GateManager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Secomea"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to access and update privileged information. This issue affects: Secomea GateManager versions prior to 9.7."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-274 Improper Handling of Insufficient Privileges"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.secomea.com/support/cybersecurity-advisory/",
                  "refsource": "MISC",
                  "url": "https://www.secomea.com/support/cybersecurity-advisory/"
                }
              ]
            },
            "source": {
              "defect": [
                "RD-5335"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "assignerShortName": "Secomea",
        "cveId": "CVE-2022-25782",
        "datePublished": "2022-05-04T13:54:16.000Z",
        "dateReserved": "2022-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:49:43.231Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-25781 (GCVE-0-2022-25781)

    Vulnerability from cvelistv5 – Published: 2022-05-04 13:53 – Updated: 2024-08-03 04:49
    VLAI
    Title
    Reflected XSS issues in GateManager
    Summary
    Cross-site Scripting (XSS) vulnerability in Web UI of Secomea GateManager allows phishing attacker to inject javascript or html into logged in user session.
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Secomea GateManager Affected: unspecified , < 9.7 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:49:43.192Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GateManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThan": "9.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) vulnerability in Web UI of Secomea GateManager allows phishing attacker to inject javascript or html into logged in user session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-04T13:53:17.000Z",
            "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
            "shortName": "Secomea"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.secomea.com/support/cybersecurity-advisory/"
            }
          ],
          "source": {
            "defect": [
              "RD-5314"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Reflected XSS issues in GateManager",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "VulnerabilityReporting@secomea.com",
              "ID": "CVE-2022-25781",
              "STATE": "PUBLIC",
              "TITLE": "Reflected XSS issues in GateManager"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GateManager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Secomea"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site Scripting (XSS) vulnerability in Web UI of Secomea GateManager allows phishing attacker to inject javascript or html into logged in user session."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.secomea.com/support/cybersecurity-advisory/",
                  "refsource": "MISC",
                  "url": "https://www.secomea.com/support/cybersecurity-advisory/"
                }
              ]
            },
            "source": {
              "defect": [
                "RD-5314"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "assignerShortName": "Secomea",
        "cveId": "CVE-2022-25781",
        "datePublished": "2022-05-04T13:53:17.000Z",
        "dateReserved": "2022-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:49:43.192Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-25780 (GCVE-0-2022-25780)

    Vulnerability from cvelistv5 – Published: 2022-05-04 13:52 – Updated: 2024-08-03 04:49
    VLAI
    Title
    Information leak via device availability query function
    Summary
    Information Exposure vulnerability in web UI of Secomea GateManager allows logged in user to query devices outside own scope.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Secomea GateManager Affected: unspecified , < 9.7 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:49:43.496Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GateManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThan": "9.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Information Exposure vulnerability in web UI of Secomea GateManager allows logged in user to query devices outside own scope."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Information Exposure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-04T13:52:15.000Z",
            "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
            "shortName": "Secomea"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.secomea.com/support/cybersecurity-advisory/"
            }
          ],
          "source": {
            "defect": [
              "RD-5310"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Information leak via device availability query function",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "VulnerabilityReporting@secomea.com",
              "ID": "CVE-2022-25780",
              "STATE": "PUBLIC",
              "TITLE": "Information leak via device availability query function"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GateManager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Secomea"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Information Exposure vulnerability in web UI of Secomea GateManager allows logged in user to query devices outside own scope."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200 Information Exposure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.secomea.com/support/cybersecurity-advisory/",
                  "refsource": "MISC",
                  "url": "https://www.secomea.com/support/cybersecurity-advisory/"
                }
              ]
            },
            "source": {
              "defect": [
                "RD-5310"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "assignerShortName": "Secomea",
        "cveId": "CVE-2022-25780",
        "datePublished": "2022-05-04T13:52:15.000Z",
        "dateReserved": "2022-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:49:43.496Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-25779 (GCVE-0-2022-25779)

    Vulnerability from cvelistv5 – Published: 2022-05-04 13:51 – Updated: 2024-08-03 04:49
    VLAI
    Title
    Insufficient scope checks allows adding unrelated audit log entries
    Summary
    Logging of Excessive Data vulnerability in audit log of Secomea GateManager allows logged in user to write text entries in audit log. This issue affects: Secomea GateManager versions prior to 9.7.
    CWE
    • CWE-779 - Logging of Excessive Data
    Assigner
    References
    Impacted products
    Vendor Product Version
    Secomea GateManager Affected: unspecified , < 9.7 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:49:43.260Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GateManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThan": "9.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Logging of Excessive Data vulnerability in audit log of Secomea GateManager allows logged in user to write text entries in audit log. This issue affects: Secomea GateManager versions prior to 9.7."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-779",
                  "description": "CWE-779 Logging of Excessive Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-04T13:51:08.000Z",
            "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
            "shortName": "Secomea"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.secomea.com/support/cybersecurity-advisory/"
            }
          ],
          "source": {
            "defect": [
              "RD-5309"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Insufficient scope checks allows adding unrelated audit log entries",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "VulnerabilityReporting@secomea.com",
              "ID": "CVE-2022-25779",
              "STATE": "PUBLIC",
              "TITLE": "Insufficient scope checks allows adding unrelated audit log entries"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GateManager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Secomea"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Logging of Excessive Data vulnerability in audit log of Secomea GateManager allows logged in user to write text entries in audit log. This issue affects: Secomea GateManager versions prior to 9.7."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-779 Logging of Excessive Data"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.secomea.com/support/cybersecurity-advisory/",
                  "refsource": "MISC",
                  "url": "https://www.secomea.com/support/cybersecurity-advisory/"
                }
              ]
            },
            "source": {
              "defect": [
                "RD-5309"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "assignerShortName": "Secomea",
        "cveId": "CVE-2022-25779",
        "datePublished": "2022-05-04T13:51:08.000Z",
        "dateReserved": "2022-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:49:43.260Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-25778 (GCVE-0-2022-25778)

    Vulnerability from cvelistv5 – Published: 2022-05-04 13:49 – Updated: 2024-08-03 04:49
    VLAI
    Title
    Unload handlers may unintentionally defeat CSRF guards
    Summary
    Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get request in logged in user session.
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Secomea GateManager Affected: unspecified , < 9.7 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:49:43.681Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GateManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThan": "9.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get request in logged in user session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-04T13:49:55.000Z",
            "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
            "shortName": "Secomea"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.secomea.com/support/cybersecurity-advisory/"
            }
          ],
          "source": {
            "defect": [
              "RD-5308"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Unload handlers may unintentionally defeat CSRF guards",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "VulnerabilityReporting@secomea.com",
              "ID": "CVE-2022-25778",
              "STATE": "PUBLIC",
              "TITLE": "Unload handlers may unintentionally defeat CSRF guards"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GateManager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Secomea"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get request in logged in user session."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.secomea.com/support/cybersecurity-advisory/",
                  "refsource": "MISC",
                  "url": "https://www.secomea.com/support/cybersecurity-advisory/"
                }
              ]
            },
            "source": {
              "defect": [
                "RD-5308"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "assignerShortName": "Secomea",
        "cveId": "CVE-2022-25778",
        "datePublished": "2022-05-04T13:49:55.000Z",
        "dateReserved": "2022-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:49:43.681Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-32010 (GCVE-0-2021-32010)

    Vulnerability from cvelistv5 – Published: 2022-05-04 13:45 – Updated: 2024-08-03 23:17
    VLAI
    Title
    Clients may connect to a GateManager with TLS 1.0
    Summary
    Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may facilitate man in the middle attacks. This issue affects: Secomea SiteManager All versions prior to 9.7. Secomea LinkManager versions prior to 9.7. Secomea GateManager versions prior to 9.7.
    CWE
    • CWE-326 - Inadequate Encryption Strength
    Assigner
    References
    Impacted products
    Vendor Product Version
    Secomea SiteManager Affected: All , < 9.7 (custom)
    Create a notification for this product.
    Secomea LinkManager Affected: unspecified , < 9.7 (custom)
    Create a notification for this product.
    Secomea GateManager Affected: unspecified , < 9.7 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:17:28.463Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SiteManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThan": "9.7",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "LinkManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThan": "9.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "GateManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThan": "9.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may facilitate man in the middle attacks. This issue affects: Secomea SiteManager All versions prior to 9.7. Secomea LinkManager versions prior to 9.7. Secomea GateManager versions prior to 9.7."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-326",
                  "description": "CWE-326 Inadequate Encryption Strength",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-04T13:45:03.000Z",
            "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
            "shortName": "Secomea"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.secomea.com/support/cybersecurity-advisory/"
            }
          ],
          "source": {
            "defect": [
              "RD-5699"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Clients may connect to a GateManager with TLS 1.0",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "VulnerabilityReporting@secomea.com",
              "ID": "CVE-2021-32010",
              "STATE": "PUBLIC",
              "TITLE": "Clients may connect to a GateManager with TLS 1.0"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SiteManager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "All",
                                "version_value": "9.7"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "LinkManager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.7"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "GateManager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Secomea"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may facilitate man in the middle attacks. This issue affects: Secomea SiteManager All versions prior to 9.7. Secomea LinkManager versions prior to 9.7. Secomea GateManager versions prior to 9.7."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-326 Inadequate Encryption Strength"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.secomea.com/support/cybersecurity-advisory/",
                  "refsource": "MISC",
                  "url": "https://www.secomea.com/support/cybersecurity-advisory/"
                }
              ]
            },
            "source": {
              "defect": [
                "RD-5699"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "assignerShortName": "Secomea",
        "cveId": "CVE-2021-32010",
        "datePublished": "2022-05-04T13:45:03.000Z",
        "dateReserved": "2021-05-03T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:17:28.463Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-32004 (GCVE-0-2021-32004)

    Vulnerability from cvelistv5 – Published: 2021-11-22 20:32 – Updated: 2024-08-03 23:17
    VLAI
    Title
    GateManager does not enforce strict hostname matching for WEB server
    Summary
    This issue affects: Secomea GateManager All versions prior to 9.6. Improper Check of host header in web server of Secomea GateManager allows attacker to cause browser cache poisoning.
    CWE
    • CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
    Assigner
    References
    Impacted products
    Vendor Product Version
    Secomea GateManager Affected: All , < 9.6 (custom)
    Create a notification for this product.
    Credits
    Acunetix
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:17:28.501Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory/#4578"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GateManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThan": "9.6",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Acunetix"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This issue affects: Secomea GateManager All versions prior to 9.6. Improper Check of host header in web server of Secomea GateManager allows attacker to cause browser cache poisoning."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-923",
                  "description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-22T20:32:45.000Z",
            "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
            "shortName": "Secomea"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.secomea.com/support/cybersecurity-advisory/#4578"
            }
          ],
          "source": {
            "defect": [
              "RD-4578"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "GateManager does not enforce strict hostname matching for WEB server",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "VulnerabilityReporting@secomea.com",
              "ID": "CVE-2021-32004",
              "STATE": "PUBLIC",
              "TITLE": "GateManager does not enforce strict hostname matching for WEB server"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GateManager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "All",
                                "version_value": "9.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Secomea"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Acunetix"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "This issue affects: Secomea GateManager All versions prior to 9.6. Improper Check of host header in web server of Secomea GateManager allows attacker to cause browser cache poisoning."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.secomea.com/support/cybersecurity-advisory/#4578",
                  "refsource": "MISC",
                  "url": "https://www.secomea.com/support/cybersecurity-advisory/#4578"
                }
              ]
            },
            "source": {
              "defect": [
                "RD-4578"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "assignerShortName": "Secomea",
        "cveId": "CVE-2021-32004",
        "datePublished": "2021-11-22T20:32:45.000Z",
        "dateReserved": "2021-05-03T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:17:28.501Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-29032 (GCVE-0-2020-29032)

    Vulnerability from cvelistv5 – Published: 2021-03-05 16:58 – Updated: 2024-09-16 16:32
    VLAI
    Title
    Add integrity check of GateManager firmware
    Summary
    Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows authenticated attacker to execute malicious code on server. This issue affects: Secomea GateManager all versions prior to 9.4.621054022
    CWE
    • CWE-494 - Download of Code Without Integrity Check
    Assigner
    References
    Impacted products
    Vendor Product Version
    Secomea GateManager Affected: all , < 9.4.621054022 (custom)
    Create a notification for this product.
    Date Public
    2021-03-04 00:00
    Credits
    Tenable
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:48:01.434Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/research/tra-2021-06"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory/#3737"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GateManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThan": "9.4.621054022",
                  "status": "affected",
                  "version": "all",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Tenable"
            }
          ],
          "datePublic": "2021-03-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows authenticated attacker to execute malicious code on server. This issue affects: Secomea GateManager all versions prior to 9.4.621054022"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-494",
                  "description": "CWE-494 Download of Code Without Integrity Check",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-09T06:06:27.000Z",
            "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
            "shortName": "Secomea"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.tenable.com/security/research/tra-2021-06"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.secomea.com/support/cybersecurity-advisory/#3737"
            }
          ],
          "source": {
            "defect": [
              "RD-3737"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Add integrity check of GateManager firmware",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "VulnerabilityReporting@secomea.com",
              "DATE_PUBLIC": "2021-03-04T22:00:00.000Z",
              "ID": "CVE-2020-29032",
              "STATE": "PUBLIC",
              "TITLE": "Add integrity check of GateManager firmware"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GateManager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "all",
                                "version_value": "9.4.621054022"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Secomea"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Tenable"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows authenticated attacker to execute malicious code on server. This issue affects: Secomea GateManager all versions prior to 9.4.621054022"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-494 Download of Code Without Integrity Check"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.tenable.com/security/research/tra-2021-06",
                  "refsource": "MISC",
                  "url": "https://www.tenable.com/security/research/tra-2021-06"
                },
                {
                  "name": "https://www.secomea.com/support/cybersecurity-advisory/#3737",
                  "refsource": "MISC",
                  "url": "https://www.secomea.com/support/cybersecurity-advisory/#3737"
                }
              ]
            },
            "source": {
              "defect": [
                "RD-3737"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "assignerShortName": "Secomea",
        "cveId": "CVE-2020-29032",
        "datePublished": "2021-03-05T16:58:27.148Z",
        "dateReserved": "2020-11-24T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:32:33.185Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-29023 (GCVE-0-2020-29023)

    Vulnerability from cvelistv5 – Published: 2021-02-16 15:14 – Updated: 2024-09-17 04:24
    VLAI
    Title
    CSV Formula Injection possible due to improper fields escaping in GateManager
    Summary
    Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows an authenticated administrator to generate a CSV file that may run arbitrary commands on a victim's computer when opened in a spreadsheet program (like Excel). This issue affects: Secomea GateManager all versions prior to 9.3.
    CWE
    • CWE-116 - Improper Encoding or Escaping of Output
    Assigner
    References
    Impacted products
    Vendor Product Version
    Secomea GateManager Affected: all , < 9.3 (custom)
    Create a notification for this product.
    Date Public
    2020-12-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:48:01.570Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory/#2418"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GateManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThan": "9.3",
                  "status": "affected",
                  "version": "all",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-12-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows an authenticated administrator to generate a CSV file that may run arbitrary commands on a victim\u0027s computer when opened in a spreadsheet program (like Excel). This issue affects: Secomea GateManager all versions prior to 9.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-116",
                  "description": "CWE-116 Improper Encoding or Escaping of Output",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-16T15:14:57.000Z",
            "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
            "shortName": "Secomea"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.secomea.com/support/cybersecurity-advisory/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.secomea.com/support/cybersecurity-advisory/#2418"
            }
          ],
          "source": {
            "defect": [
              "RD-2922"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "CSV Formula Injection possible due to improper fields escaping in GateManager",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "VulnerabilityReporting@secomea.com",
              "DATE_PUBLIC": "2020-12-18T22:00:00.000Z",
              "ID": "CVE-2020-29023",
              "STATE": "PUBLIC",
              "TITLE": "CSV Formula Injection possible due to improper fields escaping in GateManager"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GateManager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "all",
                                "version_value": "9.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Secomea"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows an authenticated administrator to generate a CSV file that may run arbitrary commands on a victim\u0027s computer when opened in a spreadsheet program (like Excel). This issue affects: Secomea GateManager all versions prior to 9.3."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-116 Improper Encoding or Escaping of Output"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.secomea.com/support/cybersecurity-advisory/",
                  "refsource": "MISC",
                  "url": "https://www.secomea.com/support/cybersecurity-advisory/"
                },
                {
                  "name": "https://www.secomea.com/support/cybersecurity-advisory/#2418",
                  "refsource": "CONFIRM",
                  "url": "https://www.secomea.com/support/cybersecurity-advisory/#2418"
                }
              ]
            },
            "source": {
              "defect": [
                "RD-2922"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "assignerShortName": "Secomea",
        "cveId": "CVE-2020-29023",
        "datePublished": "2021-02-16T15:14:57.287Z",
        "dateReserved": "2020-11-24T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:24:59.661Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-29022 (GCVE-0-2020-29022)

    Vulnerability from cvelistv5 – Published: 2021-02-16 15:08 – Updated: 2024-09-16 16:18
    VLAI
    Title
    Host Header Injection allowing web cache poisoning attacks
    Summary
    Failure to Sanitize host header value on output in the GateManager Web server could allow an attacker to conduct web cache poisoning attacks. This issue affects Secomea GateManager all versions prior to 9.3
    CWE
    • CWE-159 - Failure to Sanitize Special Element
    Assigner
    References
    Impacted products
    Vendor Product Version
    Secomea GateManager Affected: all , < 9.3 (custom)
    Create a notification for this product.
    Date Public
    2021-02-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:48:01.436Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory/#2923"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GateManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThan": "9.3",
                  "status": "affected",
                  "version": "all",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-02-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Failure to Sanitize host header value on output in the GateManager Web server could allow an attacker to conduct web cache poisoning attacks. This issue affects Secomea GateManager all versions prior to 9.3"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-159",
                  "description": "CWE-159 Failure to Sanitize Special Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-16T15:08:36.000Z",
            "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
            "shortName": "Secomea"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.secomea.com/support/cybersecurity-advisory/#2923"
            }
          ],
          "source": {
            "defect": [
              "RD-2923"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Host Header Injection allowing web cache poisoning attacks",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "VulnerabilityReporting@secomea.com",
              "DATE_PUBLIC": "2021-02-16T22:00:00.000Z",
              "ID": "CVE-2020-29022",
              "STATE": "PUBLIC",
              "TITLE": "Host Header Injection allowing web cache poisoning attacks"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GateManager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "all",
                                "version_value": "9.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Secomea"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Failure to Sanitize host header value on output in the GateManager Web server could allow an attacker to conduct web cache poisoning attacks. This issue affects Secomea GateManager all versions prior to 9.3"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-159 Failure to Sanitize Special Element"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.secomea.com/support/cybersecurity-advisory/#2923",
                  "refsource": "MISC",
                  "url": "https://www.secomea.com/support/cybersecurity-advisory/#2923"
                }
              ]
            },
            "source": {
              "defect": [
                "RD-2923"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "assignerShortName": "Secomea",
        "cveId": "CVE-2020-29022",
        "datePublished": "2021-02-16T15:08:36.021Z",
        "dateReserved": "2020-11-24T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:18:06.251Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-29024 (GCVE-0-2020-29024)

    Vulnerability from cvelistv5 – Published: 2021-02-16 15:07 – Updated: 2024-09-16 16:38
    VLAI
    Title
    Missing HtppOnly and Secure flags
    Summary
    Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3.
    CWE
    • CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
    Assigner
    References
    Impacted products
    Vendor Product Version
    Secomea GateManager Affected: all , < 9.3 (custom)
    Create a notification for this product.
    Date Public
    2021-02-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:48:01.408Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory/#2418"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GateManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThan": "9.3",
                  "status": "affected",
                  "version": "all",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-02-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-614",
                  "description": "CWE-614 Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-16T15:07:41.000Z",
            "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
            "shortName": "Secomea"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.secomea.com/support/cybersecurity-advisory/#2418"
            }
          ],
          "source": {
            "defect": [
              "RD-2418"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Missing HtppOnly and Secure flags",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "VulnerabilityReporting@secomea.com",
              "DATE_PUBLIC": "2021-02-16T00:00:00.000Z",
              "ID": "CVE-2020-29024",
              "STATE": "PUBLIC",
              "TITLE": "Missing HtppOnly and Secure flags"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GateManager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "all",
                                "version_value": "9.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Secomea"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-614 Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.secomea.com/support/cybersecurity-advisory/#2418",
                  "refsource": "MISC",
                  "url": "https://www.secomea.com/support/cybersecurity-advisory/#2418"
                }
              ]
            },
            "source": {
              "defect": [
                "RD-2418"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "assignerShortName": "Secomea",
        "cveId": "CVE-2020-29024",
        "datePublished": "2021-02-16T15:07:41.787Z",
        "dateReserved": "2020-11-24T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:38:40.890Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-29031 (GCVE-0-2020-29031)

    Vulnerability from cvelistv5 – Published: 2021-02-15 15:52 – Updated: 2024-08-04 16:48
    VLAI
    Title
    Insecure Direct Object Reference in GateManager WebUI can cause privilege escalation
    Summary
    An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges. This issue affects all GateManager versions prior to 9.2c
    CWE
    • CWE-280 - Improper Handling of Insufficient Permissions or Privileges
    Assigner
    References
    Impacted products
    Vendor Product Version
    Secomea GateManager Affected: All , < 9.2c (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:48:00.792Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory/#2920"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GateManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThan": "9.2c",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges. This issue affects all GateManager versions prior to 9.2c"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-280",
                  "description": "CWE-280 Improper Handling of Insufficient Permissions or Privileges",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-15T15:52:30.000Z",
            "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
            "shortName": "Secomea"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.secomea.com/support/cybersecurity-advisory/#2920"
            }
          ],
          "source": {
            "defect": [
              "RD-2920"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Insecure Direct Object Reference in GateManager WebUI can cause privilege escalation",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "VulnerabilityReporting@secomea.com",
              "ID": "CVE-2020-29031",
              "STATE": "PUBLIC",
              "TITLE": "Insecure Direct Object Reference in GateManager WebUI can cause privilege escalation"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GateManager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "All",
                                "version_value": "9.2c"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Secomea"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges. This issue affects all GateManager versions prior to 9.2c"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-280 Improper Handling of Insufficient Permissions or Privileges"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.secomea.com/support/cybersecurity-advisory/#2920",
                  "refsource": "MISC",
                  "url": "https://www.secomea.com/support/cybersecurity-advisory/#2920"
                }
              ]
            },
            "source": {
              "defect": [
                "RD-2920"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "assignerShortName": "Secomea",
        "cveId": "CVE-2020-29031",
        "datePublished": "2021-02-15T15:52:30.000Z",
        "dateReserved": "2020-11-24T00:00:00.000Z",
        "dateUpdated": "2024-08-04T16:48:00.792Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-29026 (GCVE-0-2020-29026)

    Vulnerability from cvelistv5 – Published: 2021-02-15 15:48 – Updated: 2024-08-04 16:48
    VLAI
    Summary
    A directory traversal vulnerability exists in the file upload function of the GateManager that allows an authenticated attacker with administrative permissions to read and write arbitrary files in the Linux file system. This issue affects: GateManager all versions prior to 9.2c.
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Secomea GateManager Affected: All , < 9.2c (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:48:01.207Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory/#2918"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GateManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThan": "9.2c",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A directory traversal vulnerability exists in the file upload function of the GateManager that allows an authenticated attacker with administrative permissions to read and write arbitrary files in the Linux file system. This issue affects: GateManager all versions prior to 9.2c."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-15T15:48:30.000Z",
            "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
            "shortName": "Secomea"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.secomea.com/support/cybersecurity-advisory/#2918"
            }
          ],
          "source": {
            "defect": [
              "RD-2918"
            ],
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "VulnerabilityReporting@secomea.com",
              "ID": "CVE-2020-29026",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GateManager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "All",
                                "version_value": "9.2c"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Secomea"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A directory traversal vulnerability exists in the file upload function of the GateManager that allows an authenticated attacker with administrative permissions to read and write arbitrary files in the Linux file system. This issue affects: GateManager all versions prior to 9.2c."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.secomea.com/support/cybersecurity-advisory/#2918",
                  "refsource": "MISC",
                  "url": "https://www.secomea.com/support/cybersecurity-advisory/#2918"
                }
              ]
            },
            "source": {
              "defect": [
                "RD-2918"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "assignerShortName": "Secomea",
        "cveId": "CVE-2020-29026",
        "datePublished": "2021-02-15T15:48:30.000Z",
        "dateReserved": "2020-11-24T00:00:00.000Z",
        "dateUpdated": "2024-08-04T16:48:01.207Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }