CVE-2022-4308
Published: 2023-04-19

CVE-2022-4308: Plaintext Storage of a Password vulnerability in Secomea GateManager (USB wizard) allows Authentication abuse on SiteManager, if the generated file is leaked.

Priority: P3 · 45 · high · 8.8 (CVSS 3.1)
CVSS vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.17% (6.6th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| secomea | gatemanager | < 10.0.622425017 | 10.0.622425017 |
| secomea | gatemanager | >= 5.0 < 10.1 | 10.1 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 8.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| vendor_redhat | | 9.8 | CRITICAL | |
GHSA
GHSA-xr26-qphw-jcg8 · ghsa_unreviewed · 2023-04-19
CVE-2022-4308 [HIGH] CWE-256
Plaintext Storage of a Password vulnerability in Secomea GateManager (USB wizard) allows Authentication abuse on SiteManager, if the generated file is leaked.
Red Hat
CVE-2022-47966 [CRITICAL] CWE-303 · vendor_redhat · 2023-01-19 · CVSS 9.8
ManageEngine: remote code execution vulnerability in multiple ManageEngine products
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus before 7162, ADSelfService Plus before 6211, Analytics Plus before 5150, Application Control Plus before 10.1.2220.18, Asset Explorer before 6983, Browser Security Plus before 11.1.2238.6, Device Control Plus
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.