CVE-2020-29031
Severity CVSS v4.0:
Pending analysis
Type:
CWE-269
Improper Privilege Management
Publication date:
15/02/2021
Last modified:
26/02/2021
Description
An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges. This issue affects all GateManager versions prior to 9.2c
Impact
Base Score 3.x
8.10
Severity 3.x
HIGH
Base Score 2.0
5.50
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:secomea:gatemanager_8250_firmware:*:*:*:*:*:*:*:* | 9.2c (excluding) | |
| cpe:2.3:h:secomea:gatemanager_8250:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:secomea:gatemanager_4250_firmware:*:*:*:*:*:*:*:* | 9.0i (excluding) | |
| cpe:2.3:h:secomea:gatemanager_4250:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:secomea:gatemanager_4260_firmware:*:*:*:*:*:*:*:* | 9.0i (excluding) | |
| cpe:2.3:h:secomea:gatemanager_4260:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:secomea:gatemanager_9250_firmware:*:*:*:*:*:*:*:* | 9.0i (excluding) | |
| cpe:2.3:h:secomea:gatemanager_9250:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page