Gatemanager
Monthly
An improper authentication vulnerability in Secomea GateManager's webserver modules allows authenticated users to bypass authentication controls and access resources they should not be permitted to access. This affects GateManager version 11.4.0 and potentially other versions within the 11.4 release line. An attacker with valid login credentials can exploit this flaw to gain unauthorized access to sensitive information, achieving high confidentiality impact without modifying data or degrading availability.
Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in the web server of Secomea GateManager allows a local user to impersonate as the previous user under some failed login conditions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Improper Input Validation of plugin files in Administrator Interface of Secomea GateManager allows a server administrator to inject code into the GateManager interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An improper authentication vulnerability in Secomea GateManager's webserver modules allows authenticated users to bypass authentication controls and access resources they should not be permitted to access. This affects GateManager version 11.4.0 and potentially other versions within the 11.4 release line. An attacker with valid login credentials can exploit this flaw to gain unauthorized access to sensitive information, achieving high confidentiality impact without modifying data or degrading availability.
Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in the web server of Secomea GateManager allows a local user to impersonate as the previous user under some failed login conditions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Improper Input Validation of plugin files in Administrator Interface of Secomea GateManager allows a server administrator to inject code into the GateManager interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.