MEDIUM✓ PATCH🇵🇱 Wersja polska

CVE-2022-2752

CVSS 5.5v3.1pub. 2022-12-09upd. 2024-11-21

A vulnerability in the web server of Secomea GateManager allows a local user to impersonate as the previous user under some failed login conditions. This issue affects: Secomea GateManager versions from 9.4 through 9.7.

CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L
  • Secomea Gatemanager

    APP
    Secomea
    9.4 – 9.7
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2021-32008CRITICAL9.9ten sam produkt

This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Improper Limitation of a...

CVE-2022-38123HIGH8.7ten sam produkt

Improper Input Validation of plugin files in Administrator Interface of Secomea GateManager allows a server ad...

CVE-2023-0317MEDIUM4.9ten sam produkt

Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to ob...

CVE-2022-4308MEDIUM6.1ten sam produkt

Plaintext Storage of a Password vulnerability in Secomea GateManager (USB wizard) allows Authentication abuse ...

CVE-2022-25786MEDIUM4.9ten sam produkt

Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obt...