310 matches found
CVE-2020-29022 Host Header Injection allowing web cache poisoning attacks
Failure to sanitize the host header value on output in the GateManager Web server could allow an attacker to conduct web cache poisoning attacks. This issue affects Secomea GateManager all versions prior to 9.3...
CVE-2020-29022
CVE-2020-29022 affects Secomea GateManager (all versions prior to 9.3). The vulnerability is due to failure to sanitize the host header value on output in the GateManager Web server, which could allow web cache poisoning attacks. Impact is described as enabling manipulation of cached responses to...
CVE-2020-29024 Missing HttpOnly and Secure flags
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in GTA GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3...
CVE-2020-29024
The CVE-2020-29024 issue affects Secomea GateManager (GoToAppliance) prior to version 9.3, where cookies in HTTPS sessions can be exposed due to missing Secure attribute. This could allow an attacker to access sensitive cookies. The vulnerability is caused by insecure cookie handling in GoToAppli...
Secomea GateManager Security Vulnerability
A security vulnerability exists in Secomea GateManager all versions prior to 9.3, which can be exploited by an attacker to run arbitrary commands on a victim's computer...
Secomea GateManager Security Vulnerability
Secomea GateManager is a remote access server product from Secomea, Denmark. A security vulnerability exists in Secomea GateManager versions prior to 9.3, which can be exploited by an attacker to potentially conduct Web caching attacks...
Secomea GateManager Security Vulnerability
Secomea GateManager is a remote access server product from Secomea, Denmark. A security vulnerability exists in Secomea GateManager versions prior to 9.3, which allows an attacker to exploit the vulnerability to access sensitive cookies...
CVE-2020-29026
A directory traversal vulnerability exists in the file upload function of the GateManager that allows an authenticated attacker with administrative permissions to read and write arbitrary files in the Linux file system. This issue affects: GateManager all versions prior to 9.2c...
CVE-2020-29031
An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges. This issue affects all GateManager versions prior to 9.2c...
CVE-2020-29026
A directory traversal vulnerability exists in the file upload function of the GateManager that allows an authenticated attacker with administrative permissions to read and write arbitrary files in the Linux file system. This issue affects: GateManager all versions prior to 9.2c...
Directory traversal
A directory traversal vulnerability exists in the file upload function of the GateManager that allows an authenticated attacker with administrative permissions to read and write arbitrary files in the Linux file system. This issue affects: GateManager all versions prior to 9.2c...
Design/Logic Flaw
An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges. This issue affects all GateManager versions prior to 9.2c...
CVE-2020-29031 Insecure Direct Object Reference in GateManager WebUI can cause privilege escalation
An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges. This issue affects all GateManager versions prior to 9.2c...
CVE-2020-29031
CVE-2020-29031 affects Secomea GateManager web UI. An Insecure Direct Object Reference allows an authenticated attacker to reset the password of any user in its domain or sub-domain via privilege escalation, impacting GateManager versions prior to 9.2c. The issue is evidenced across multiple sour...
CVE-2020-29026
The CVE describes a directory traversal flaw in GateManager’s file upload function. An authenticated administrator could read/write arbitrary Linux files in all GateManager versions prior to 9.2c. Root cause: improper validation during file upload leading to path traversal. Impact: partial confid...
CVE-2020-29026
A directory traversal vulnerability exists in the file upload function of the GateManager that allows an authenticated attacker with administrative permissions to read and write arbitrary files in the Linux file system. This issue affects: GateManager all versions prior to 9.2c...
Secomea GateManager Path Traversal Vulnerability
GateManager is a cloud server product from Secomea. A directory traversal vulnerability in the file upload feature in all versions of GateManager prior to 9.2c allows an authenticated attacker with administrative privileges to read and write arbitrary files on the Linux file system...
Secomea GateManager Security Vulnerability
Secomea GateManager is a remote access server product from Secomea, Denmark. A security vulnerability exists in GateManager versions prior to 9.2c, which stems from an insecure direct object reference vulnerability that can be exploited by an attacker to reset the password of any user in his doma...
GateManager Cross-Site Scripting Vulnerability
GateManager is a VPN server from Secomea. A cross-site scripting vulnerability exists in the Web UI input field of GateManager versions prior to 9.3. The vulnerability can be exploited by an attacker to conduct a cross-site scripting attack via the input script tag...
CVE-2020-29021
A vulnerability in the web UI input field of GateManager allows an authenticated attacker to enter script tags that could cause XSS. This issue affects: GateManager all versions prior to 9.3...