CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2912 – SiteManager Embedded service disruption
https://notcve.org/view.php?id=CVE-2023-2912
Use After Free vulnerability in Secomea SiteManager Embedded allows Obstruction. • https://www.secomea.com/support/cybersecurity-advisory • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 0CVE-2022-38125 – FTP Agent forwards traffic on inactive ports to LinkManager
https://notcve.org/view.php?id=CVE-2022-38125
Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client. • https://www.secomea.com/support/cybersecurity-advisory • CWE-923: Improper Restriction of Communication Channel to Intended Endpoints •
CVSS: 6.5EPSS: 0%CPEs: 24EXPL: 0CVE-2022-38124 – Unwanted debug tool
https://notcve.org/view.php?id=CVE-2022-38124
Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner. La herramienta de depuración en Secomea SiteManager permite al administrador conectado modificar el estado del sistema de manera no deseada. • https://www.secomea.com/support/cybersecurity-advisory • CWE-267: Privilege Defined With Unsafe Actions CWE-269: Improper Privilege Management •
CVSS: 7.2EPSS: 0%CPEs: 18EXPL: 0CVE-2022-25785 – Buffer overrun
https://notcve.org/view.php?id=CVE-2022-25785
Stack-based Buffer Overflow vulnerability in SiteManager allows logged-in or local user to cause arbitrary code execution. This issue affects: Secomea SiteManager all versions prior to 9.7. Una vulnerabilidad de desbordamiento del búfer en la región stack de la memoria en SiteManager permite al usuario conectado o local causar una ejecución de código arbitrario. Este problema afecta a: Secomea SiteManager todas las versiones anteriores a 9.7 • https://www.secomea.com/support/cybersecurity-advisory • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 0%CPEs: 18EXPL: 0CVE-2022-25784 – User controllable HTML element attribute (potential XSS)
https://notcve.org/view.php?id=CVE-2022-25784
Cross-site Scripting (XSS) vulnerability in Web GUI of SiteManager allows logged-in user to inject scripting. This issue affects: Secomea SiteManager all versions prior to 9.7. Una vulnerabilidad de tipo Cross-site Scripting (XSS) en la Interfaz Gráfica de Usuario de SiteManager permite al usuario conectado inyectar scripts. Este problema afecta a: Secomea SiteManager todas las versiones anteriores a 9.7 • https://www.secomea.com/support/cybersecurity-advisory • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •