CVE-2023-0317 – GateManager debug interface is included in non-debug builds
https://notcve.org/view.php?id=CVE-2023-0317
Unprotected Alternate Channel vulnerability in the debug console of GateManager allows a system administrator to obtain sensitive information. • https://www.secomea.com/support/cybersecurity-advisory • CWE-420: Unprotected Alternate Channel
CVE-2022-4308 – Clear-text passwords in configuration files
https://notcve.org/view.php?id=CVE-2022-4308
Plaintext Storage of a Password vulnerability in Secomea GateManager (USB wizard) allows authentication abuse on SiteManager if the generated file is leaked. • https://www.secomea.com/support/cybersecurity-advisory • CWE-256: Plaintext Storage of a Password • CWE-522: Insufficiently Protected Credentials
CVE-2022-38124 – Unwanted debug tool
https://notcve.org/view.php?id=CVE-2022-38124
Debug tool in Secomea SiteManager allows a logged-in administrator to modify system state in an unintended manner. • https://www.secomea.com/support/cybersecurity-advisory • CWE-267: Privilege Defined With Unsafe Actions • CWE-269: Improper Privilege Management
CVE-2022-2752 – Potential vulnerabilities in GM login process
https://notcve.org/view.php?id=CVE-2022-2752
A vulnerability in the web server of Secomea GateManager allows a local user to impersonate the previous user under some failed login conditions. This issue affects: Secomea GateManager versions from 9.4 through 9.7. • https://www.secomea.com/support/cybersecurity-advisory • CWE-287: Improper Authentication
CVE-2022-38123 – Insufficient validation of plugin files
https://notcve.org/view.php?id=CVE-2022-38123
Improper Input Validation of plugin files in the Administrator Interface of Secomea GateManager allows a server administrator to inject code into the GateManager interface. This issue affects: Secomea GateManager versions prior to 10.0. • https://www.secomea.com/support/cybersecurity-advisory • CWE-20: Improper Input Validation