CVSS: 8.1EPSS: 0%CPEs: 27EXPL: 0CVE-2021-32010 – Clients may connect to a GateManager with TLS 1.0
https://notcve.org/view.php?id=CVE-2021-32010
Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may facilitate man in the middle attacks. This issue affects: Secomea SiteManager All versions prior to 9.7. Secomea LinkManager versions prior to 9.7. Secomea GateManager versions prior to 9.7. Una vulnerabilidad de la fuerza de encriptación inapropiada en la pila TLS de Secomea SiteManager, LinkManager y GateManager puede facilitar ataques de tipo man in the middle. • https://www.secomea.com/support/cybersecurity-advisory • CWE-326: Inadequate Encryption Strength •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32009 – Missing XSS guards on firmware page
https://notcve.org/view.php?id=CVE-2021-32009
Cross-site Scripting (XSS) vulnerability in firmware section of Secomea GateManager allows logged in user to inject javascript in browser session. This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Una vulnerabilidad de tipo Cross-site Scripting (XSS) en la sección firmware de Secomea GateManager permite al usuario registrado inyectar javascript en la sesión del navegador. Este problema afecta a: Secomea GateManager versión 9.6.621421014 y todas las versiones anteriores • https://www.secomea.com/support/cybersecurity-advisory • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 18EXPL: 0CVE-2021-32005 – SiteManager Log View XSS Issue
https://notcve.org/view.php?id=CVE-2021-32005
Cross-site Scripting (XSS) vulnerability in log view of Secomea SiteManager allows a logged in user to store javascript for later execution. This issue affects: Secomea SiteManager Version 9.6.621421014 and all prior versions. Una vulnerabilidad de tipo cross-site Scripting (XSS) en la visualización de registro de Secomea SiteManager permite a un usuario que ha iniciado sesión almacenar javascript para su posterior ejecución. Este problema afecta a: Secomea SiteManager versión 9.6.621421014 y todas las versiones anteriores • https://www.secomea.com/support/cybersecurity-advisory/#5017 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32006 – GateManager information leak for LinkManager Users
https://notcve.org/view.php?id=CVE-2021-32006
This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Permission Issues vulnerability in LinkManager web portal of Secomea GateManager allows logged in LinkManager user to access stored SiteManager backup files. Este problema afecta a: Secomea GateManager versión 9.6.621421014 y todas las versiones anteriores. Una vulnerabilidad de problemas de permisos en el portal web LinkManager de Secomea GateManager permite al usuario de LinkManager que ha iniciado sesión acceder a archivos de copia de seguridad de SiteManager almacenados • https://www.secomea.com/support/cybersecurity-advisory • CWE-274: Improper Handling of Insufficient Privileges CWE-275: Permission Issues CWE-276: Incorrect Default Permissions •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32008 – Logged-in Administrator may get unrestricted file system access
https://notcve.org/view.php?id=CVE-2021-32008
This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Improper Limitation of a Pathname to restricted directory, allows logged in GateManager admin to delete system Files or Directories. Este problema afecta a: Secomea GateManager versión 9.6.621421014 y todas las versiones anteriores. Una limitación inapropiada de un nombre de ruta al directorio restringido, permite al administrador de GateManager que ha iniciado la sesión eliminar archivos o directorios del sistema • https://www.secomea.com/support/cybersecurity-advisory • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-552: Files or Directories Accessible to External Parties •