CVE-2022-25787

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 04-05-2022 04:15

Last modified: - 11-05-2022 09:05

Total changes: - 2

Description

Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. This issue affects: Secomea GateManager all versions prior to 9.7.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Low

Attack complexity

Local

Attack vector

High

Availability

High

Confidentiality

High

Integrity

High

Privileges required

Unchanged

Scope

None

User interaction

6.7

Base score

0.8

5.9

Exploitability score

Impact score

Verification logic

AND

vendor=secomea AND product=gatemanager_4250_firmware AND versionEndExcluding=9.7.622134021

vendor=secomea AND product=gatemanager_4250 AND version=-

AND

vendor=secomea AND product=gatemanager_4260_firmware AND versionEndExcluding=9.7.622134021

vendor=secomea AND product=gatemanager_4260 AND version=-

AND

vendor=secomea AND product=gatemanager_8250_firmware AND versionEndExcluding=9.7.622134021

vendor=secomea AND product=gatemanager_8250 AND version=-

AND

vendor=secomea AND product=gatemanager_9250_firmware AND versionEndExcluding=9.7.622134021

vendor=secomea AND product=gatemanager_9250 AND version=-

Reference

https://www.secomea.com/support/cybersecurity-advisory/

Keywords

CVE-2022-25787

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2022-25787

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures