5.5
CVE-2022-25782
- EPSS 0.46%
- Veröffentlicht 04.05.2022 14:15:08
- Zuletzt bearbeitet 21.11.2024 06:52:59
- Quelle VulnerabilityReporting@secomea
- CVE-Watchlists
- Unerledigt
LoginInsufficient privilege checks on object access and updates.
Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to access and update privileged information. This issue affects: Secomea GateManager versions prior to 9.7.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Secomea ≫ Gatemanager 4250 Firmware Version < 9.7.622134021
Secomea ≫ Gatemanager 4260 Firmware Version < 9.7.622134021
Secomea ≫ Gatemanager 8250 Firmware Version < 9.7.622134021
Secomea ≫ Gatemanager 9250 Firmware Version < 9.7.622134021
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.46% | 0.361 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
|
| nvd@nist.gov | 5.5 | 8 | 4.9 |
AV:N/AC:L/Au:S/C:P/I:P/A:N
|
| VulnerabilityReporting@secomea.com | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
CWE-274 Improper Handling of Insufficient Privileges
The product does not handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses.
https://www.secomea.com/support/cybersecurity-advisory/