GateManager
CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-29030 | 0.00 | — | 0.00 | Mar 5, 2021 | Cross-Site Request Forgery (CSRF) vulnerability in web GUI of Secomea GateManager allows an attacker to execute malicious code. This issue affects: Secomea GateManager All versions prior to 9.4. | |||
| CVE-2020-29028 | 0.00 | — | 0.00 | Mar 5, 2021 | Cross-site Scripting (XSS) vulnerability in web GUI of Secomea GateManager allows an attacker to inject arbitrary javascript code. This issue affects: Secomea GateManager all versions prior to 9.4. | |||
| CVE-2020-29029 | 0.00 | — | 0.00 | Mar 5, 2021 | Improper Input Validation, Cross-site Scripting (XSS) vulnerability in Web GUI of Secomea GateManager allows an attacker to execute arbitrary javascript code. This issue affects: Secomea GateManager all versions prior to 9.4. | |||
| CVE-2020-29032 | 0.00 | — | 0.00 | Mar 5, 2021 | Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows authenticated attacker to execute malicious code on server. This issue affects: Secomea GateManager all versions prior to 9.4.621054022 | |||
| CVE-2020-29022 | 0.00 | — | 0.00 | Feb 16, 2021 | Failure to Sanitize host header value on output in the GateManager Web server could allow an attacker to conduct web cache poisoning attacks. This issue affects Secomea GateManager all versions prior to 9.3 | |||
| CVE-2020-29024 | 0.00 | — | 0.00 | Feb 16, 2021 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3. | |||
| CVE-2020-29021 | 0.00 | — | 0.00 | Feb 8, 2021 | A vulnerability in web UI input field of GateManager allows authenticated attacker to enter script tags that could cause XSS. This issue affects: GateManager all versions prior to 9.3. | |||
| CVE-2020-11646 | 0.00 | — | 0.00 | Oct 15, 2020 | A log information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view log information reserved for other users. | |||
| CVE-2020-11645 | 0.00 | — | 0.00 | Oct 15, 2020 | A denial of service vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to limit availability of GateManager instances. | |||
| CVE-2020-11644 | 0.00 | — | 0.00 | Oct 15, 2020 | The information disclosure vulnerability present in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to generate fake audit log messages. | |||
| CVE-2020-11643 | 0.00 | — | 0.00 | Oct 15, 2020 | An information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view information of devices belonging to foreign domains. | |||
| CVE-2020-14512 | 0.00 | — | 0.00 | Aug 25, 2020 | GateManager versions prior to 9.2c, The affected product uses a weak hash type, which may allow an attacker to view user passwords. | |||
| CVE-2020-14510 | 0.00 | — | 0.00 | Aug 25, 2020 | GateManager versions prior to 9.2c, The affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root. | |||
| CVE-2020-14508 | 0.00 | — | 0.01 | Aug 25, 2020 | GateManager versions prior to 9.2c, The affected product is vulnerable to an off-by-one error, which may allow an attacker to remotely execute arbitrary code or cause a denial-of-service condition. |
- CVE-2020-29030Mar 5, 2021risk 0.00cvss —epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in web GUI of Secomea GateManager allows an attacker to execute malicious code. This issue affects: Secomea GateManager All versions prior to 9.4.
- CVE-2020-29028Mar 5, 2021risk 0.00cvss —epss 0.00
Cross-site Scripting (XSS) vulnerability in web GUI of Secomea GateManager allows an attacker to inject arbitrary javascript code. This issue affects: Secomea GateManager all versions prior to 9.4.
- CVE-2020-29029Mar 5, 2021risk 0.00cvss —epss 0.00
Improper Input Validation, Cross-site Scripting (XSS) vulnerability in Web GUI of Secomea GateManager allows an attacker to execute arbitrary javascript code. This issue affects: Secomea GateManager all versions prior to 9.4.
- CVE-2020-29032Mar 5, 2021risk 0.00cvss —epss 0.00
Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows authenticated attacker to execute malicious code on server. This issue affects: Secomea GateManager all versions prior to 9.4.621054022
- CVE-2020-29022Feb 16, 2021risk 0.00cvss —epss 0.00
Failure to Sanitize host header value on output in the GateManager Web server could allow an attacker to conduct web cache poisoning attacks. This issue affects Secomea GateManager all versions prior to 9.3
- CVE-2020-29024Feb 16, 2021risk 0.00cvss —epss 0.00
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3.
- CVE-2020-29021Feb 8, 2021risk 0.00cvss —epss 0.00
A vulnerability in web UI input field of GateManager allows authenticated attacker to enter script tags that could cause XSS. This issue affects: GateManager all versions prior to 9.3.
- CVE-2020-11646Oct 15, 2020risk 0.00cvss —epss 0.00
A log information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view log information reserved for other users.
- CVE-2020-11645Oct 15, 2020risk 0.00cvss —epss 0.00
A denial of service vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to limit availability of GateManager instances.
- CVE-2020-11644Oct 15, 2020risk 0.00cvss —epss 0.00
The information disclosure vulnerability present in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to generate fake audit log messages.
- CVE-2020-11643Oct 15, 2020risk 0.00cvss —epss 0.00
An information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view information of devices belonging to foreign domains.
- CVE-2020-14512Aug 25, 2020risk 0.00cvss —epss 0.00
GateManager versions prior to 9.2c, The affected product uses a weak hash type, which may allow an attacker to view user passwords.
- CVE-2020-14510Aug 25, 2020risk 0.00cvss —epss 0.00
GateManager versions prior to 9.2c, The affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root.
- CVE-2020-14508Aug 25, 2020risk 0.00cvss —epss 0.01
GateManager versions prior to 9.2c, The affected product is vulnerable to an off-by-one error, which may allow an attacker to remotely execute arbitrary code or cause a denial-of-service condition.