An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges. This issue affects all GateManager versions prior to 9.2c
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:NSecomea Gatemanager 4250
HWSecomeawszystkie wersjeSecomea Gatemanager 4250 Firmware
OSSecomea< 9.0iSecomea Gatemanager 4260
HWSecomeawszystkie wersjeSecomea Gatemanager 4260 Firmware
OSSecomea< 9.0iSecomea Gatemanager 8250
HWSecomeawszystkie wersjeSecomea Gatemanager 8250 Firmware
OSSecomea< 9.2cSecomea Gatemanager 9250
HWSecomeawszystkie wersjeSecomea Gatemanager 9250 Firmware
OSSecomea< 9.0i
Related vulnerabilities
A directory traversal vulnerability exists in the file upload function of the GateManager that allows an authe...
GateManager versions prior to 9.2c, The affected product contains a hard-coded credential for telnet, allowing...
Secomea GateManager all versions prior to 9.2c, An attacker can send a negative value and overwrite arbitrary ...
Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allo...
Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows authent...