Description
Improper Authentication vulnerability in Secomea GateManager (webserver modules) allows Authentication Bypass. This issue affects GateManager: 11.4;0.
Published: 2026-03-19
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Authentication Bypass / Unauthorized Access
Action: Patch Now
AI Analysis

Impact

An improper authentication flaw in the Secomea GateManager webserver modules allows an attacker to bypass credential checks, granting unauthorized access to the management interface and any resources managed by the system. The vulnerability is classified as CWE-287, identifying it as an authentication bypass weakness. If exploited, an attacker could compromise the confidentiality and integrity of configuration data and potentially perform further actions within the managed environment.

Affected Systems

The flaw affects Secomea GateManager version 11.4.0, as specified by the CNA’s affected product list. No other product or version information is provided in the CVE data.

Risk and Exploitability

The CVSS score of 6.5 places the vulnerability in the Medium severity range. EPSS data is unavailable and the issue is not listed in the CISA KEV catalog, indicating no known exploitation activity at present. Based on the description, the likely attack vector is the publicly accessible web interface, where authentication is enforced but can be bypassed; however, the exact conditions and prerequisites for exploitation are not detailed in the supplied information.

Generated by OpenCVE AI on March 19, 2026 at 12:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a vendor patch or upgrade Secomea GateManager to a version that resolves the authentication bypass flaw; check the vendor’s advisory for a release date.
  • Re‑configure the GateManager web interface to require authentication for all administrative functions and disable any anonymous or guest access options.
  • Restrict network access to the GateManager management UI using IP whitelisting or firewall rules to limit exposure to trusted hosts.

Advisories

No advisories yet.

History

Fri, 20 Mar 2026 09:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Secomea; Secomea gatemanager
Vendors & Products | | Secomea; Secomea gatemanager

Thu, 19 Mar 2026 14:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 19 Mar 2026 11:15:00 +0000

Type | Values Removed | Values Added
Description | | Improper Authentication vulnerability in Secomea GateManager (webserver modules) allows Authentication Bypass. This issue affects GateManager: 11.4;0.
Title | | Unauthorized access to information
Weaknesses | | CWE-287
References | |
Metrics | | cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

MITRE

Status: PUBLISHED

Assigner: Secomea

Published:

Updated: 2026-03-19T13:17:10.368Z

Reserved: 2025-12-15T12:39:50.601Z

Link: CVE-2025-14716

Vulnrichment

Updated: 2026-03-19T13:17:06.967Z

NVD

Status: Awaiting Analysis

Published: 2026-03-19T11:16:14.857

Modified: 2026-03-19T13:25:00.570

Link: CVE-2025-14716

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T14:15:09Z

Weaknesses