7.5
CVE-2022-25787
- EPSS 0.23%
- Veröffentlicht 04.05.2022 14:15:08
- Zuletzt bearbeitet 21.11.2024 06:53:00
- Quelle VulnerabilityReporting@secomea
- CVE-Watchlists
- Unerledigt
LoginGTA URLs issued by LMM WEB API may leak information
Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. This issue affects: Secomea GateManager all versions prior to 9.7.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Secomea ≫ Gatemanager 4250 Firmware Version < 9.7.622134021
Secomea ≫ Gatemanager 4260 Firmware Version < 9.7.622134021
Secomea ≫ Gatemanager 8250 Firmware Version < 9.7.622134021
Secomea ≫ Gatemanager 9250 Firmware Version < 9.7.622134021
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.138 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
| VulnerabilityReporting@secomea.com | 7.5 | 0.8 | 6 |
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-598 Use of GET Request Method With Sensitive Query Strings
The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.
https://www.secomea.com/support/cybersecurity-advisory/