HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2021-32003

CVSS 8.0v3.1pub. 2021-08-05upd. 2024-11-21

Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware.

CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Secomea Sitemanager

    HW
    Secomea
    wszystkie wersje
  • Secomea Sitemanager Firmware

    OS
    Secomea
    < 9.5.621256022
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2020-29020CRITICAL9.1ten sam produkt

Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access t...

CVE-2021-32002MEDIUM4.3ten sam produkt

Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without cred...

CVE-2022-25784CRITICAL9.1ten sam vendor

Cross-site Scripting (XSS) vulnerability in Web GUI of SiteManager allows logged-in user to inject scripting. ...

CVE-2021-32008CRITICAL9.9ten sam vendor

This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Improper Limitation of a...

CVE-2020-29026CRITICAL9.0ten sam vendor

A directory traversal vulnerability exists in the file upload function of the GateManager that allows an authe...