HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2020-29031

CVSS 7.1v3.1pub. 2021-02-15upd. 2024-11-21

An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges. This issue affects all GateManager versions prior to 9.2c

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
  • Secomea Gatemanager 4250

    HW
    Secomea
    wszystkie wersje
  • Secomea Gatemanager 4250 Firmware

    OS
    Secomea
    < 9.0i
  • Secomea Gatemanager 4260

    HW
    Secomea
    wszystkie wersje
  • Secomea Gatemanager 4260 Firmware

    OS
    Secomea
    < 9.0i
  • Secomea Gatemanager 8250

    HW
    Secomea
    wszystkie wersje
  • Secomea Gatemanager 8250 Firmware

    OS
    Secomea
    < 9.2c
  • Secomea Gatemanager 9250

    HW
    Secomea
    wszystkie wersje
  • Secomea Gatemanager 9250 Firmware

    OS
    Secomea
    < 9.0i
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
IDOR
CWE
References

Related vulnerabilities

CVE-2020-29026CRITICAL9.0ten sam produkt

A directory traversal vulnerability exists in the file upload function of the GateManager that allows an authe...

CVE-2020-14510CRITICAL9.8ten sam produkt

GateManager versions prior to 9.2c, The affected product contains a hard-coded credential for telnet, allowing...

CVE-2020-14500CRITICAL10.0ten sam produkt

Secomea GateManager all versions prior to 9.2c, An attacker can send a negative value and overwrite arbitrary ...

CVE-2022-25787HIGH7.5ten sam produkt

Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allo...

CVE-2020-29032HIGH8.4ten sam produkt

Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows authent...