MEDIUM✓ PATCH🇵🇱 Wersja polska

CVE-2021-32002

CVSS 4.3v3.1pub. 2021-08-05upd. 2024-11-21

Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configuration of the SiteManager. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware.

CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • Secomea Sitemanager

    HW
    Secomea
    wszystkie wersje
  • Secomea Sitemanager Firmware

    OS
    Secomea
    < 9.5.621256022
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2020-29020CRITICAL9.1ten sam produkt

Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access t...

CVE-2021-32003HIGH8.0ten sam produkt

Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker t...

CVE-2022-25784CRITICAL9.1ten sam vendor

Cross-site Scripting (XSS) vulnerability in Web GUI of SiteManager allows logged-in user to inject scripting. ...

CVE-2021-32008CRITICAL9.9ten sam vendor

This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Improper Limitation of a...

CVE-2020-29026CRITICAL9.0ten sam vendor

A directory traversal vulnerability exists in the file upload function of the GateManager that allows an authe...