Gatemanager
Approved changes feed: RSS · Atom
cpe:2.3:a:secomea:gatemanager:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Secomea (45c78ca4-ff1f-51f3-a5bb-ad82f24f54cd) |
|---|---|
| Product | Gatemanager (2c412859-75f2-5e3d-bd82-53cc740a4414) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-14716 |
vulnerable | 2026-06-03 14:58:55.827129 |
Unauthorized access to information
MEDIUM (6.5)
Improper Authentication vulnerability in Secomea GateManager (webserver modules) allows Authentication Bypass.This issue affects GateManager: 11.4;0.
Published: 2026-03-19T10:52:30.851Z
Updated: 2026-03-19T13:17:10.368Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-1969 |
vulnerable | 2026-06-03 14:54:35.098918 |
Heap buffer overflow
HIGH (8.2)
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Secomea GateManager (webserver modules) allows crash of GateManager.This issue affects GateManager: from 9.7 before 11.2.624095033.
Published: 2024-04-29T13:29:01.094Z
Updated: 2024-08-01T18:56:22.773Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-1579 |
vulnerable | 2026-06-03 14:54:33.963510 |
Insufficient seeding of random number generator
HIGH (8.1)
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Secomea GateManager (Webserver modules) allows Session Hijacking.This issue affects GateManager: before 11.2.624071020.
Published: 2024-04-29T13:27:55.045Z
Updated: 2024-08-01T18:40:21.431Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-3675 |
vulnerable | 2026-06-03 14:52:41.473540 |
Insufficient input validation when downloading certain file types.
MEDIUM (6.5)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Secomea GateManager (Web GUI) allows Reading Data from System Resources.This issue affects GateManager: from 11.0.623074018 before 11.0.623373051.
Published: 2024-04-18T10:41:25.088Z
Updated: 2024-08-21T14:08:41.868Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-0317 |
vulnerable | 2026-06-03 14:48:46.034539 |
GateManager debug interface is included in non-debug builds
MEDIUM (4.9)
Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information.
Published: 2023-04-19T11:57:46.409Z
Updated: 2025-02-05T15:03:03.498Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-4308 |
vulnerable | 2026-06-03 14:48:35.470340 |
Clear-text passwords in configuration files
MEDIUM (6.1)
Plaintext Storage of a Password vulnerability in Secomea GateManager (USB wizard) allows Authentication abuse on SiteManager, if the generated file is leaked.
Published: 2023-04-19T11:56:32.348Z
Updated: 2025-02-05T15:05:16.492Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-38123 |
vulnerable | 2026-06-03 14:47:49.286870 |
Insufficient validation of plugin files
HIGH (8.7)
Improper Input Validation of plugin files in Administrator Interface of Secomea GateManager allows a server administrator to inject code into the GateManager interface.
This issue affects:
Secomea GateManager
versions prior to 10.0.
Published: 2022-12-06T15:58:01.365Z
Updated: 2025-04-23T16:12:37.744Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-2752 |
vulnerable | 2026-06-03 14:47:07.006375 |
Potential vulnerabilities in GM login process
MEDIUM (5.5)
A vulnerability in the web server of Secomea GateManager allows a local user to impersonate as the previous user under some failed login conditions.
This issue affects:
Secomea GateManager versions from 9.4 through 9.7.
Published: 2022-12-09T13:30:26.346Z
Updated: 2025-04-22T19:44:33.832Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-25787 |
vulnerable | 2026-06-03 14:46:40.611073 |
GTA URLs issued by LMM WEB API may leak information
HIGH (7.5)
Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. This issue affects: Secomea GateManager all versions prior to 9.7.
Published: 2022-05-04T13:58:45.000Z
Updated: 2024-08-03T04:49:43.776Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-25786 |
vulnerable | 2026-06-03 14:46:40.610706 |
GateManager debug interface is included in production builds
MEDIUM (4.9)
Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. This issue affects: GateManager all versions prior to 9.7.
Published: 2022-05-04T17:17:34.000Z
Updated: 2024-08-03T04:49:43.267Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-25783 |
vulnerable | 2026-06-03 14:46:40.594533 |
Hacking attempts from logged-in users are not properly logged by GM
MEDIUM (4.3)
Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging. This issue affects: Secomea GateManager versions prior to 9.7.
Published: 2022-05-04T13:55:13.000Z
Updated: 2024-08-03T04:49:43.230Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-25782 |
vulnerable | 2026-06-03 14:46:40.594038 |
Insufficient privilege checks on object access and updates.
MEDIUM (5.4)
Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to access and update privileged information. This issue affects: Secomea GateManager versions prior to 9.7.
Published: 2022-05-04T13:54:16.000Z
Updated: 2024-08-03T04:49:43.231Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-25781 |
vulnerable | 2026-06-03 14:46:40.593532 |
Reflected XSS issues in GateManager
MEDIUM (4.2)
Cross-site Scripting (XSS) vulnerability in Web UI of Secomea GateManager allows phishing attacker to inject javascript or html into logged in user session.
Published: 2022-05-04T13:53:17.000Z
Updated: 2024-08-03T04:49:43.192Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-25780 |
vulnerable | 2026-06-03 14:46:40.593020 |
Information leak via device availability query function
MEDIUM (4.3)
Information Exposure vulnerability in web UI of Secomea GateManager allows logged in user to query devices outside own scope.
Published: 2022-05-04T13:52:15.000Z
Updated: 2024-08-03T04:49:43.496Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-25779 |
vulnerable | 2026-06-03 14:46:40.592456 |
Insufficient scope checks allows adding unrelated audit log entries
MEDIUM (4.3)
Logging of Excessive Data vulnerability in audit log of Secomea GateManager allows logged in user to write text entries in audit log. This issue affects: Secomea GateManager versions prior to 9.7.
Published: 2022-05-04T13:51:08.000Z
Updated: 2024-08-03T04:49:43.260Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-25778 |
vulnerable | 2026-06-03 14:46:40.587656 |
Unload handlers may unintentionally defeat CSRF guards
MEDIUM (4.2)
Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get request in logged in user session.
Published: 2022-05-04T13:49:55.000Z
Updated: 2024-08-03T04:49:43.681Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-32010 |
vulnerable | 2026-06-03 14:44:34.222221 |
Clients may connect to a GateManager with TLS 1.0
MEDIUM (5.6)
Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may facilitate man in the middle attacks. This issue affects: Secomea SiteManager All versions prior to 9.7. Secomea LinkManager versions prior to 9.7. Secomea GateManager versions prior to 9.7.
Published: 2022-05-04T13:45:03.000Z
Updated: 2024-08-03T23:17:28.463Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-32009 |
vulnerable | 2026-06-03 14:44:34.219133 |
Missing XSS guards on firmware page
MEDIUM (5)
Cross-site Scripting (XSS) vulnerability in firmware section of Secomea GateManager allows logged in user to inject javascript in browser session. This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions.
Published: 2022-03-11T17:53:58.000Z
Updated: 2024-08-03T23:17:28.154Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-32008 |
vulnerable | 2026-06-03 14:44:34.218825 |
Logged-in Administrator may get unrestricted file system access
CRITICAL (9.9)
This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Improper Limitation of a Pathname to restricted directory, allows logged in GateManager admin to delete system Files or Directories.
Published: 2022-03-04T21:20:10.000Z
Updated: 2024-08-03T23:17:27.898Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-32007 |
vulnerable | 2026-06-03 14:44:34.218378 |
Missing security header: Referrer-Policy URL
LOW (3.5)
This issue affects:
Secomea GateManager
Version 9.5 and all prior versions.
Protection Mechanism Failure vulnerability in web server of Secomea GateManager to potentially leak information to remote servers.
Published: 2024-12-13T11:05:58.370Z
Updated: 2024-12-23T19:14:49.546Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-32006 |
vulnerable | 2026-06-03 14:44:34.218053 |
GateManager information leak for LinkManager Users
MEDIUM (5)
This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Permission Issues vulnerability in LinkManager web portal of Secomea GateManager allows logged in LinkManager user to access stored SiteManager backup files.
Published: 2022-03-07T15:08:16.000Z
Updated: 2024-08-03T23:17:28.226Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-32004 |
vulnerable | 2026-06-03 14:44:34.206334 |
GateManager does not enforce strict hostname matching for WEB server
LOW (3.7)
This issue affects: Secomea GateManager All versions prior to 9.6. Improper Check of host header in web server of Secomea GateManager allows attacker to cause browser cache poisoning.
Published: 2021-11-22T20:32:45.000Z
Updated: 2024-08-03T23:17:28.501Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-29032 |
vulnerable | 2026-06-03 14:42:22.024572 |
Add integrity check of GateManager firmware
HIGH (8.4)
Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows authenticated attacker to execute malicious code on server. This issue affects: Secomea GateManager all versions prior to 9.4.621054022
Published: 2021-03-05T16:58:27.148Z
Updated: 2024-09-16T16:32:33.185Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-29031 |
vulnerable | 2026-06-03 14:42:22.024068 |
Insecure Direct Object Reference in GateManager WebUI can cause privilege escalation
HIGH (7.1)
An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges. This issue affects all GateManager versions prior to 9.2c
Published: 2021-02-15T15:52:30.000Z
Updated: 2024-08-04T16:48:00.792Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-29030 |
vulnerable | 2026-06-03 14:42:22.023668 |
Insufficient CSRF guards
HIGH (8.1)
Cross-Site Request Forgery (CSRF) vulnerability in web GUI of Secomea GateManager allows an attacker to execute malicious code. This issue affects: Secomea GateManager All versions prior to 9.4.
Published: 2021-03-05T19:15:27.247Z
Updated: 2024-09-17T00:31:38.842Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-29029 |
vulnerable | 2026-06-03 14:42:22.023300 |
XSS issue due to insufficient sanitization of input field
HIGH (7.3)
Improper Input Validation, Cross-site Scripting (XSS) vulnerability in Web GUI of Secomea GateManager allows an attacker to execute arbitrary javascript code. This issue affects: Secomea GateManager all versions prior to 9.4.
Published: 2021-03-05T19:08:21.917Z
Updated: 2024-09-16T22:31:25.557Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-29028 |
vulnerable | 2026-06-03 14:42:22.021263 |
Reflected XSS issues
MEDIUM (6.3)
Cross-site Scripting (XSS) vulnerability in web GUI of Secomea GateManager allows an attacker to inject arbitrary javascript code. This issue affects: Secomea GateManager all versions prior to 9.4.
Published: 2021-03-05T19:10:00.326Z
Updated: 2024-09-17T00:10:29.690Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-29026 |
vulnerable | 2026-06-03 14:42:22.003532 |
Details available
CRITICAL (9)
A directory traversal vulnerability exists in the file upload function of the GateManager that allows an authenticated attacker with administrative permissions to read and write arbitrary files in the Linux file system. This issue affects: GateManager all versions prior to 9.2c.
Published: 2021-02-15T15:48:30.000Z
Updated: 2024-08-04T16:48:01.207Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-29024 |
vulnerable | 2026-06-03 14:42:21.997302 |
Missing HtppOnly and Secure flags
MEDIUM (5.3)
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3.
Published: 2021-02-16T15:07:41.787Z
Updated: 2024-09-16T16:38:40.890Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-29023 |
vulnerable | 2026-06-03 14:42:21.996769 |
CSV Formula Injection possible due to improper fields escaping in GateManager
LOW (3.5)
Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows an authenticated administrator to generate a CSV file that may run arbitrary commands on a victim's computer when opened in a spreadsheet program (like Excel). This issue affects: Secomea GateManager all versions prior to 9.3.
Published: 2021-02-16T15:14:57.287Z
Updated: 2024-09-17T04:24:59.661Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-29022 |
vulnerable | 2026-06-03 14:42:21.996182 |
Host Header Injection allowing web cache poisoning attacks
MEDIUM (5.3)
Failure to Sanitize host header value on output in the GateManager Web server could allow an attacker to conduct web cache poisoning attacks. This issue affects Secomea GateManager all versions prior to 9.3
Published: 2021-02-16T15:08:36.021Z
Updated: 2024-09-16T16:18:06.251Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-29021 |
vulnerable | 2026-06-03 14:42:21.989664 |
Scripting tag chars < > not filtered in input fields could cause Cross-Site Scripting (XSS)
LOW (3.5)
A vulnerability in web UI input field of GateManager allows authenticated attacker to enter script tags that could cause XSS. This issue affects: GateManager all versions prior to 9.3.
Published: 2021-02-08T22:08:50.970Z
Updated: 2024-09-17T02:12:03.205Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-14512 |
vulnerable | 2026-06-03 14:41:44.050711 |
USE OF PASSWORD HASH WITH INSUFFICIENT COMPUTATIONAL EFFORT CWE-916
HIGH (8.1)
GateManager versions prior to 9.2c, The affected product uses a weak hash type, which may allow an attacker to view user passwords.
Published: 2020-08-25T13:20:49.817Z
Updated: 2024-09-17T03:07:15.578Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-14510 |
vulnerable | 2026-06-03 14:41:44.042011 |
OFF-BY-ONE ERROR CWE-193
CRITICAL (9.8)
GateManager versions prior to 9.2c, The affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root.
Published: 2020-08-25T13:19:33.362Z
Updated: 2024-09-16T19:25:36.335Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-14508 |
vulnerable | 2026-06-03 14:41:44.039208 |
OFF-BY-ONE ERROR CWE-193
HIGH (8.1)
GateManager versions prior to 9.2c, The affected product is vulnerable to an off-by-one error, which may allow an attacker to remotely execute arbitrary code or cause a denial-of-service condition.
Published: 2020-08-25T13:15:19.248Z
Updated: 2024-09-16T16:33:48.741Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.