Description
This issue affects: Secomea GateManager All versions prior to 9.6. Improper Check of host header in web server of Secomea GateManager allows attacker to cause browser cache poisoning.
Affected Software
Related
{"id": "PRION:CVE-2021-32004", "vendorId": null, "type": "prion", "bulletinFamily": "NVD", "title": "Input validation", "description": "This issue affects: Secomea GateManager All versions prior to 9.6. Improper Check of host header in web server of Secomea GateManager allows attacker to cause browser cache poisoning.", "published": "2021-11-22T21:15:00", "modified": "2021-11-24T02:14:00", "epss": [{"cve": "CVE-2021-32004", "epss": 0.00072, "percentile": 0.30326, "modified": "2023-11-20"}], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 5.0}, "severity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 3.9, "impactScore": 1.4}, "href": "https://www.prio-n.com/kb/vulnerability/CVE-2021-32004", "reporter": "PRIOn knowledge base", "references": ["https://www.secomea.com/support/cybersecurity-advisory/"], "cvelist": ["CVE-2021-32004"], "immutableFields": [], "lastseen": "2023-11-22T00:50:20", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-32004"]}]}, "score": {"value": 5.2, "uncertanity": 0.1, "vector": "NONE"}, "vulnersScore": 5.2}, "_state": {"dependencies": 1700614314, "score": 1700614629}, "_internal": {"score_hash": "c27d00e5eea45f82cedfe6ea8afaf67f"}, "affectedSoftware": [{"version": "9.6", "operator": "lt", "name": "gatemanager_8250_firmware"}], "vendor_cvss2": {"score": "5", "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "vendor_cvss3": {}}
{"cve": [{"lastseen": "2023-12-06T15:16:22", "description": "This issue affects: Secomea GateManager All versions prior to 9.6. Improper Check of host header in web server of Secomea GateManager allows attacker to cause browser cache poisoning.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-11-22T21:15:00", "type": "cve", "title": "CVE-2021-32004", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32004"], "modified": "2021-11-24T02:14:00", "cpe": [], "id": "CVE-2021-32004", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32004", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": []}]}
Input validation
