Secomea GatemManager 8250
Approved changes feed: RSS · Atom
cpe:2.3:h:secomea:gatemanager_8250:-:*:*:*:*:*:*:*
part: h version: - update: *
| Vendor | Secomea (45c78ca4-ff1f-51f3-a5bb-ad82f24f54cd) |
|---|---|
| Product | Gatemanager 8250 (8036993a-9c19-506e-b490-e5fcae529ec5) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2022-25787 |
not_vulnerable | 2026-06-03 14:46:40.611197 |
GTA URLs issued by LMM WEB API may leak information
HIGH (7.5)
Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. This issue affects: Secomea GateManager all versions prior to 9.7.
Published: 2022-05-04T13:58:45.000Z
Updated: 2024-08-03T04:49:43.776Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-25783 |
not_vulnerable | 2026-06-03 14:46:40.594649 |
Hacking attempts from logged-in users are not properly logged by GM
MEDIUM (4.3)
Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging. This issue affects: Secomea GateManager versions prior to 9.7.
Published: 2022-05-04T13:55:13.000Z
Updated: 2024-08-03T04:49:43.230Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-25782 |
not_vulnerable | 2026-06-03 14:46:40.594159 |
Insufficient privilege checks on object access and updates.
MEDIUM (5.4)
Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to access and update privileged information. This issue affects: Secomea GateManager versions prior to 9.7.
Published: 2022-05-04T13:54:16.000Z
Updated: 2024-08-03T04:49:43.231Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-25781 |
not_vulnerable | 2026-06-03 14:46:40.593653 |
Reflected XSS issues in GateManager
MEDIUM (4.2)
Cross-site Scripting (XSS) vulnerability in Web UI of Secomea GateManager allows phishing attacker to inject javascript or html into logged in user session.
Published: 2022-05-04T13:53:17.000Z
Updated: 2024-08-03T04:49:43.192Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-25780 |
not_vulnerable | 2026-06-03 14:46:40.593140 |
Information leak via device availability query function
MEDIUM (4.3)
Information Exposure vulnerability in web UI of Secomea GateManager allows logged in user to query devices outside own scope.
Published: 2022-05-04T13:52:15.000Z
Updated: 2024-08-03T04:49:43.496Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-25779 |
not_vulnerable | 2026-06-03 14:46:40.592594 |
Insufficient scope checks allows adding unrelated audit log entries
MEDIUM (4.3)
Logging of Excessive Data vulnerability in audit log of Secomea GateManager allows logged in user to write text entries in audit log. This issue affects: Secomea GateManager versions prior to 9.7.
Published: 2022-05-04T13:51:08.000Z
Updated: 2024-08-03T04:49:43.260Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-25778 |
not_vulnerable | 2026-06-03 14:46:40.590963 |
Unload handlers may unintentionally defeat CSRF guards
MEDIUM (4.2)
Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get request in logged in user session.
Published: 2022-05-04T13:49:55.000Z
Updated: 2024-08-03T04:49:43.681Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-32010 |
not_vulnerable | 2026-06-03 14:44:34.226777 |
Clients may connect to a GateManager with TLS 1.0
MEDIUM (5.6)
Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may facilitate man in the middle attacks. This issue affects: Secomea SiteManager All versions prior to 9.7. Secomea LinkManager versions prior to 9.7. Secomea GateManager versions prior to 9.7.
Published: 2022-05-04T13:45:03.000Z
Updated: 2024-08-03T23:17:28.463Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-32004 |
not_vulnerable | 2026-06-03 14:44:34.207467 |
GateManager does not enforce strict hostname matching for WEB server
LOW (3.7)
This issue affects: Secomea GateManager All versions prior to 9.6. Improper Check of host header in web server of Secomea GateManager allows attacker to cause browser cache poisoning.
Published: 2021-11-22T20:32:45.000Z
Updated: 2024-08-03T23:17:28.501Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-29032 |
not_vulnerable | 2026-06-03 14:42:22.024630 |
Add integrity check of GateManager firmware
HIGH (8.4)
Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows authenticated attacker to execute malicious code on server. This issue affects: Secomea GateManager all versions prior to 9.4.621054022
Published: 2021-03-05T16:58:27.148Z
Updated: 2024-09-16T16:32:33.185Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-29031 |
not_vulnerable | 2026-06-03 14:42:22.024122 |
Insecure Direct Object Reference in GateManager WebUI can cause privilege escalation
HIGH (7.1)
An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges. This issue affects all GateManager versions prior to 9.2c
Published: 2021-02-15T15:52:30.000Z
Updated: 2024-08-04T16:48:00.792Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-29026 |
not_vulnerable | 2026-06-03 14:42:22.003596 |
Details available
CRITICAL (9)
A directory traversal vulnerability exists in the file upload function of the GateManager that allows an authenticated attacker with administrative permissions to read and write arbitrary files in the Linux file system. This issue affects: GateManager all versions prior to 9.2c.
Published: 2021-02-15T15:48:30.000Z
Updated: 2024-08-04T16:48:01.207Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-29024 |
not_vulnerable | 2026-06-03 14:42:21.997587 |
Missing HtppOnly and Secure flags
MEDIUM (5.3)
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3.
Published: 2021-02-16T15:07:41.787Z
Updated: 2024-09-16T16:38:40.890Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-29023 |
not_vulnerable | 2026-06-03 14:42:21.996926 |
CSV Formula Injection possible due to improper fields escaping in GateManager
LOW (3.5)
Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows an authenticated administrator to generate a CSV file that may run arbitrary commands on a victim's computer when opened in a spreadsheet program (like Excel). This issue affects: Secomea GateManager all versions prior to 9.3.
Published: 2021-02-16T15:14:57.287Z
Updated: 2024-09-17T04:24:59.661Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-29022 |
not_vulnerable | 2026-06-03 14:42:21.996359 |
Host Header Injection allowing web cache poisoning attacks
MEDIUM (5.3)
Failure to Sanitize host header value on output in the GateManager Web server could allow an attacker to conduct web cache poisoning attacks. This issue affects Secomea GateManager all versions prior to 9.3
Published: 2021-02-16T15:08:36.021Z
Updated: 2024-09-16T16:18:06.251Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-29021 |
not_vulnerable | 2026-06-03 14:42:21.990708 |
Scripting tag chars < > not filtered in input fields could cause Cross-Site Scripting (XSS)
LOW (3.5)
A vulnerability in web UI input field of GateManager allows authenticated attacker to enter script tags that could cause XSS. This issue affects: GateManager all versions prior to 9.3.
Published: 2021-02-08T22:08:50.970Z
Updated: 2024-09-17T02:12:03.205Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-14512 |
not_vulnerable | 2026-06-03 14:41:44.052474 |
USE OF PASSWORD HASH WITH INSUFFICIENT COMPUTATIONAL EFFORT CWE-916
HIGH (8.1)
GateManager versions prior to 9.2c, The affected product uses a weak hash type, which may allow an attacker to view user passwords.
Published: 2020-08-25T13:20:49.817Z
Updated: 2024-09-17T03:07:15.578Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-14510 |
not_vulnerable | 2026-06-03 14:41:44.042075 |
OFF-BY-ONE ERROR CWE-193
CRITICAL (9.8)
GateManager versions prior to 9.2c, The affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root.
Published: 2020-08-25T13:19:33.362Z
Updated: 2024-09-16T19:25:36.335Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-14508 |
not_vulnerable | 2026-06-03 14:41:44.039292 |
OFF-BY-ONE ERROR CWE-193
HIGH (8.1)
GateManager versions prior to 9.2c, The affected product is vulnerable to an off-by-one error, which may allow an attacker to remotely execute arbitrary code or cause a denial-of-service condition.
Published: 2020-08-25T13:15:19.248Z
Updated: 2024-09-16T16:33:48.741Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-14500 |
not_vulnerable | 2026-06-03 14:41:44.025208 |
IMPROPER NEUTRALIZATION OF NULL BYTE OR NUL CHARACTER CWE-158
CRITICAL (10)
Secomea GateManager all versions prior to 9.2c, An attacker can send a negative value and overwrite arbitrary data.
Published: 2020-08-25T13:12:30.705Z
Updated: 2024-09-17T03:34:07.630Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.