Skip to main content

Gatemanager 4250 Firmware

7 CVEs product

Monthly

CVE-2022-25787 MEDIUM This Month

Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 4250 Firmware Gatemanager 4260 Firmware Gatemanager 8250 Firmware Gatemanager 9250 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-25783 MEDIUM This Month

Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 4250 Firmware Gatemanager 4260 Firmware Gatemanager 8250 Firmware Gatemanager 9250 Firmware
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-25782 MEDIUM This Month

Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to access and update privileged information. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 4250 Firmware Gatemanager 4260 Firmware Gatemanager 8250 Firmware Gatemanager 9250 Firmware
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-25781 MEDIUM This Month

Cross-site Scripting (XSS) vulnerability in Web UI of Secomea GateManager allows phishing attacker to inject javascript or html into logged in user session. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gatemanager 4250 Firmware Gatemanager 4260 Firmware Gatemanager 8250 Firmware Gatemanager 9250 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-25780 MEDIUM This Month

Information Exposure vulnerability in web UI of Secomea GateManager allows logged in user to query devices outside own scope. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 4250 Firmware Gatemanager 4260 Firmware Gatemanager 8250 Firmware Gatemanager 9250 Firmware
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-25779 MEDIUM This Month

Logging of Excessive Data vulnerability in audit log of Secomea GateManager allows logged in user to write text entries in audit log. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 4250 Firmware Gatemanager 4260 Firmware Gatemanager 8250 Firmware Gatemanager 9250 Firmware
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-25778 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get request in logged in user session. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Gatemanager 4250 Firmware Gatemanager 4260 Firmware Gatemanager 8250 Firmware Gatemanager 9250 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
EPSS 0% CVSS 6.7
MEDIUM This Month

Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 4250 Firmware Gatemanager 4260 Firmware +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 4250 Firmware Gatemanager 4260 Firmware +2
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to access and update privileged information. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 4250 Firmware Gatemanager 4260 Firmware +2
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-site Scripting (XSS) vulnerability in Web UI of Secomea GateManager allows phishing attacker to inject javascript or html into logged in user session. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gatemanager 4250 Firmware Gatemanager 4260 Firmware +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Information Exposure vulnerability in web UI of Secomea GateManager allows logged in user to query devices outside own scope. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 4250 Firmware Gatemanager 4260 Firmware +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Logging of Excessive Data vulnerability in audit log of Secomea GateManager allows logged in user to write text entries in audit log. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 4250 Firmware Gatemanager 4260 Firmware +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get request in logged in user session. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Gatemanager 4250 Firmware Gatemanager 4260 Firmware +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy