Secomea Sitemanager
10 CVEs affecting Secomea Sitemanager. Latest disclosed: 2023-04-19. Critical: 2, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-25784 | Critical | 9.1 | 2022-05-04 | Cross-site Scripting (XSS) vulnerability in Web GUI of SiteManager allows logged-in user to inject scripting. This issue affects: Secomea SiteManager all versi… |
CVE-2020-29020 | Critical | 9.1 | 2021-03-05 | Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured… |
CVE-2021-32003 | High | 8.0 | 2021-08-05 | Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used afte… |
CVE-2022-25785 | Medium | 6.6 | 2022-05-04 | Stack-based Buffer Overflow vulnerability in SiteManager allows logged-in or local user to cause arbitrary code execution. This issue affects: Secomea SiteMana… |
CVE-2021-32005 | Medium | 6.5 | 2022-03-07 | Cross-site Scripting (XSS) vulnerability in log view of Secomea SiteManager allows a logged in user to store javascript for later execution. This issue affects… |
CVE-2022-38124 | Medium | 5.7 | 2022-12-13 | Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner. |
CVE-2021-32010 | Medium | 5.6 | 2022-05-04 | Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may facilitate man in the middle attacks. This issue… |
CVE-2020-29027 | Medium | 5.4 | 2021-02-16 | Cross-site Scripting (XSS) vulnerability in GUI of Secomea SiteManager could allow an attacker to cause an XSS Attack. This issue affects: Secomea SiteManager… |
CVE-2021-32002 | Medium | 4.3 | 2021-08-05 | Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configu… |
CVE-2022-38125 | Low | 2.9 | 2023-04-19 | Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client. |