CVE-2022-25787
EUVD-2022-3042704.05.2022, 14:15
Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. This issue affects: Secomea GateManager all versions prior to 9.7.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| secomea | gatemanager_4250_firmware | 𝑥 < 9.7.622134021 |
| secomea | gatemanager_4260_firmware | 𝑥 < 9.7.622134021 |
| secomea | gatemanager_8250_firmware | 𝑥 < 9.7.622134021 |
| secomea | gatemanager_9250_firmware | 𝑥 < 9.7.622134021 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-598 - Use of GET Request Method With Sensitive Query StringsThe web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.