CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2022-25786 – GateManager debug interface is included in production builds
https://notcve.org/view.php?id=CVE-2022-25786
Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. This issue affects: GateManager all versions prior to 9.7. Una vulnerabilidad del canal alternativo no protegido en la consola de depuración de GateManager permite al administrador del sistema obtener información confidencial. Este problema afecta a: GateManager todas las versiones anteriores a 9.7 • https://www.secomea.com/support/cybersecurity-advisory • CWE-420: Unprotected Alternate Channel •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-25787 – GTA URLs issued by LMM WEB API may leak information
https://notcve.org/view.php?id=CVE-2022-25787
Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. This issue affects: Secomea GateManager all versions prior to 9.7. Una Exposición de Información Mediante Cadenas de Consulta en la Petición GET es una vulnerabilidad en la API LMM de Secomea GateManager que permite al administrador del sistema secuestrar la conexión. Este problema afecta a: Secomea GateManager todas las versiones anteriores a 9.7 • https://www.secomea.com/support/cybersecurity-advisory • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-598: Use of GET Request Method With Sensitive Query Strings •
CVSS: 7.2EPSS: 0%CPEs: 18EXPL: 0CVE-2022-25785 – Buffer overrun
https://notcve.org/view.php?id=CVE-2022-25785
Stack-based Buffer Overflow vulnerability in SiteManager allows logged-in or local user to cause arbitrary code execution. This issue affects: Secomea SiteManager all versions prior to 9.7. Una vulnerabilidad de desbordamiento del búfer en la región stack de la memoria en SiteManager permite al usuario conectado o local causar una ejecución de código arbitrario. Este problema afecta a: Secomea SiteManager todas las versiones anteriores a 9.7 • https://www.secomea.com/support/cybersecurity-advisory • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 0%CPEs: 18EXPL: 0CVE-2022-25784 – User controllable HTML element attribute (potential XSS)
https://notcve.org/view.php?id=CVE-2022-25784
Cross-site Scripting (XSS) vulnerability in Web GUI of SiteManager allows logged-in user to inject scripting. This issue affects: Secomea SiteManager all versions prior to 9.7. Una vulnerabilidad de tipo Cross-site Scripting (XSS) en la Interfaz Gráfica de Usuario de SiteManager permite al usuario conectado inyectar scripts. Este problema afecta a: Secomea SiteManager todas las versiones anteriores a 9.7 • https://www.secomea.com/support/cybersecurity-advisory • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2022-25783 – Hacking attempts from logged-in users are not properly logged by GM
https://notcve.org/view.php?id=CVE-2022-25783
Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging. This issue affects: Secomea GateManager versions prior to 9.7. Una vulnerabilidad de registro insuficiente en el servidor web de Secomea GateManager permite al usuario que ha iniciado la sesión realizar consultas indebidas sin registrarlas. Este problema afecta a: Las versiones de Secomea GateManager anteriores a la 9.7 • https://www.secomea.com/support/cybersecurity-advisory • CWE-778: Insufficient Logging •