Lucene search

SecomeaCVELIST:CVE-2020-29031

HistoryFeb 15, 2021 - 3:52 p.m.

CVE-2020-29031 Insecure Direct Object Reference in GateManager WebUI can cause privilege escalation

2021-02-1515:52:30

CWE-280

Secomea

www.cve.org

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

8.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.5%

JSON

An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges. This issue affects all GateManager versions prior to 9.2c

CNA Affected

[
  {
    "product": "GateManager",
    "vendor": "Secomea",
    "versions": [
      {
        "lessThan": "9.2c",
        "status": "affected",
        "version": "All",
        "versionType": "custom"
      }
    ]
  }
]

References

www.secomea.com/support/cybersecurity-advisory/#2920

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

8.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.5%

JSON

Related for CVELIST:CVE-2020-29031