CVE-2022-2752 (GCVE-0-2022-2752)

Vulnerability from cvelistv5 – Published: 2022-12-09 13:30 – Updated: 2025-04-22 19:44
VLAI?
Summary
A vulnerability in the web server of Secomea GateManager allows a local user to impersonate as the previous user under some failed login conditions. This issue affects: Secomea GateManager versions from 9.4 through 9.7.
Severity ?
5.5 (Medium)
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L
CWE
  • CWE-287 - Improper Authentication
Assigner
References
Impacted products
Vendor Product Version
Secomea GateManager Affected: 9.4 , < 10.0 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:46:04.419Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.secomea.com/support/cybersecurity-advisory"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-2752",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-22T19:44:26.372042Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-22T19:44:33.832Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "GateManager",
          "vendor": "Secomea",
          "versions": [
            {
              "lessThan": "10.0",
              "status": "affected",
              "version": "9.4",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-12-09T11:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eA vulnerability in the web server of Secomea GateManager allows a local user to impersonate as the previous user under some failed login conditions.\u003c/div\u003e\u003cdiv\u003eThis issue affects:\u003c/div\u003e\u003cdiv\u003eSecomea GateManager versions from 9.4 through 9.7.\u003c/div\u003e\u003cbr\u003e"
            }
          ],
          "value": "A vulnerability in the web server of Secomea GateManager allows a local user to impersonate as the previous user under some failed login conditions.\n\nThis issue affects:\n\nSecomea GateManager versions from 9.4 through 9.7.\n\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-114",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-114 Authentication Abuse"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-09T13:30:26.346Z",
        "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "shortName": "Secomea"
      },
      "references": [
        {
          "url": "https://www.secomea.com/support/cybersecurity-advisory"
        }
      ],
      "source": {
        "defect": [
          "RD-5896"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Potential vulnerabilities in GM login process",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
    "assignerShortName": "Secomea",
    "cveId": "CVE-2022-2752",
    "datePublished": "2022-12-09T13:30:26.346Z",
    "dateReserved": "2022-08-10T09:43:33.129Z",
    "dateUpdated": "2025-04-22T19:44:33.832Z",
    "requesterUserId": "44bd1e71-3702-434c-b36b-c1ac3bb0bab6",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:secomea:gatemanager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.4\", \"versionEndIncluding\": \"9.7\", \"matchCriteriaId\": \"1E14D902-23AE-4E8E-862D-EC224215827B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in the web server of Secomea GateManager allows a local user to impersonate as the previous user under some failed login conditions.\\n\\nThis issue affects:\\n\\nSecomea GateManager versions from 9.4 through 9.7.\\n\\n\\n\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en el servidor web de Secomea GateManager permite que un usuario local se haga pasar por el usuario anterior en algunas condiciones de inicio de sesi\\u00f3n fallidas. Este problema afecta a: Versiones de Secomea GateManager desde la 9.4 hasta la 9.7.\"}]",
      "id": "CVE-2022-2752",
      "lastModified": "2024-11-21T07:01:38.377",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"VulnerabilityReporting@secomea.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 0.8, \"impactScore\": 4.7}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}]}",
      "published": "2022-12-09T14:15:09.893",
      "references": "[{\"url\": \"https://www.secomea.com/support/cybersecurity-advisory\", \"source\": \"VulnerabilityReporting@secomea.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.secomea.com/support/cybersecurity-advisory\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "VulnerabilityReporting@secomea.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"VulnerabilityReporting@secomea.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-2752\",\"sourceIdentifier\":\"VulnerabilityReporting@secomea.com\",\"published\":\"2022-12-09T14:15:09.893\",\"lastModified\":\"2024-11-21T07:01:38.377\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the web server of Secomea GateManager allows a local user to impersonate as the previous user under some failed login conditions.\\n\\nThis issue affects:\\n\\nSecomea GateManager versions from 9.4 through 9.7.\\n\\n\\n\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en el servidor web de Secomea GateManager permite que un usuario local se haga pasar por el usuario anterior en algunas condiciones de inicio de sesi\u00f3n fallidas. Este problema afecta a: Versiones de Secomea GateManager desde la 9.4 hasta la 9.7.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"VulnerabilityReporting@secomea.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":0.8,\"impactScore\":4.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"VulnerabilityReporting@secomea.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:secomea:gatemanager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.4\",\"versionEndIncluding\":\"9.7\",\"matchCriteriaId\":\"1E14D902-23AE-4E8E-862D-EC224215827B\"}]}]}],\"references\":[{\"url\":\"https://www.secomea.com/support/cybersecurity-advisory\",\"source\":\"VulnerabilityReporting@secomea.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.secomea.com/support/cybersecurity-advisory\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"defaultStatus\": \"unaffected\", \"product\": \"GateManager\", \"vendor\": \"Secomea\", \"versions\": [{\"lessThan\": \"10.0\", \"status\": \"affected\", \"version\": \"9.4\", \"versionType\": \"custom\"}]}], \"datePublic\": \"2022-12-09T11:00:00.000Z\", \"descriptions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"\u003cdiv\u003eA vulnerability in the web server of Secomea GateManager allows a local user to impersonate as the previous user under some failed login conditions.\u003c/div\u003e\u003cdiv\u003eThis issue affects:\u003c/div\u003e\u003cdiv\u003eSecomea GateManager versions from 9.4 through 9.7.\u003c/div\u003e\u003cbr\u003e\"}], \"value\": \"A vulnerability in the web server of Secomea GateManager allows a local user to impersonate as the previous user under some failed login conditions.\\n\\nThis issue affects:\\n\\nSecomea GateManager versions from 9.4 through 9.7.\\n\\n\\n\"}], \"impacts\": [{\"capecId\": \"CAPEC-114\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-114 Authentication Abuse\"}]}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"availabilityImpact\": \"LOW\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"REQUIRED\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L\", \"version\": \"3.1\"}, \"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-287\", \"description\": \"CWE-287 Improper Authentication\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"orgId\": \"f2815942-3388-4c08-ba09-6c15850fda90\", \"shortName\": \"Secomea\", \"dateUpdated\": \"2022-12-09T13:30:26.346Z\"}, \"references\": [{\"url\": \"https://www.secomea.com/support/cybersecurity-advisory\"}], \"source\": {\"defect\": [\"RD-5896\"], \"discovery\": \"EXTERNAL\"}, \"title\": \"Potential vulnerabilities in GM login process\", \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T00:46:04.419Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.secomea.com/support/cybersecurity-advisory\", \"tags\": [\"x_transferred\"]}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-2752\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-22T19:44:26.372042Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-22T19:44:29.384Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-2752\", \"assignerOrgId\": \"f2815942-3388-4c08-ba09-6c15850fda90\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"Secomea\", \"requesterUserId\": \"44bd1e71-3702-434c-b36b-c1ac3bb0bab6\", \"dateReserved\": \"2022-08-10T09:43:33.129Z\", \"datePublished\": \"2022-12-09T13:30:26.346Z\", \"dateUpdated\": \"2025-04-22T19:44:33.832Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.