CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 0CVE-2022-38125 – FTP Agent forwards traffic on inactive ports to LinkManager
https://notcve.org/view.php?id=CVE-2022-38125
Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client. • https://www.secomea.com/support/cybersecurity-advisory • CWE-923: Improper Restriction of Communication Channel to Intended Endpoints •
CVSS: 6.5EPSS: 0%CPEs: 24EXPL: 0CVE-2022-38124 – Unwanted debug tool
https://notcve.org/view.php?id=CVE-2022-38124
Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner. La herramienta de depuración en Secomea SiteManager permite al administrador conectado modificar el estado del sistema de manera no deseada. • https://www.secomea.com/support/cybersecurity-advisory • CWE-267: Privilege Defined With Unsafe Actions CWE-269: Improper Privilege Management •
CVSS: 7.2EPSS: 0%CPEs: 18EXPL: 0CVE-2022-25785 – Buffer overrun
https://notcve.org/view.php?id=CVE-2022-25785
Stack-based Buffer Overflow vulnerability in SiteManager allows logged-in or local user to cause arbitrary code execution. This issue affects: Secomea SiteManager all versions prior to 9.7. Una vulnerabilidad de desbordamiento del búfer en la región stack de la memoria en SiteManager permite al usuario conectado o local causar una ejecución de código arbitrario. Este problema afecta a: Secomea SiteManager todas las versiones anteriores a 9.7 • https://www.secomea.com/support/cybersecurity-advisory • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 0%CPEs: 18EXPL: 0CVE-2022-25784 – User controllable HTML element attribute (potential XSS)
https://notcve.org/view.php?id=CVE-2022-25784
Cross-site Scripting (XSS) vulnerability in Web GUI of SiteManager allows logged-in user to inject scripting. This issue affects: Secomea SiteManager all versions prior to 9.7. Una vulnerabilidad de tipo Cross-site Scripting (XSS) en la Interfaz Gráfica de Usuario de SiteManager permite al usuario conectado inyectar scripts. Este problema afecta a: Secomea SiteManager todas las versiones anteriores a 9.7 • https://www.secomea.com/support/cybersecurity-advisory • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 27EXPL: 0CVE-2021-32010 – Clients may connect to a GateManager with TLS 1.0
https://notcve.org/view.php?id=CVE-2021-32010
Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may facilitate man in the middle attacks. This issue affects: Secomea SiteManager All versions prior to 9.7. Secomea LinkManager versions prior to 9.7. Secomea GateManager versions prior to 9.7. Una vulnerabilidad de la fuerza de encriptación inapropiada en la pila TLS de Secomea SiteManager, LinkManager y GateManager puede facilitar ataques de tipo man in the middle. • https://www.secomea.com/support/cybersecurity-advisory • CWE-326: Inadequate Encryption Strength •