CVE-2020-29022

Failure to sanitize the Host header value on output in the GateManager web server could allow an attacker to conduct web cache poisoning attacks. This issue affects all versions of Secomea GateManager prior to 9.3.
References
Configurations

Configuration 1

AND
cpe:2.3:o:secomea:gatemanager_4250_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:secomea:gatemanager_4250:-:*:*:*:*:*:*:*

Configuration 2

AND
cpe:2.3:o:secomea:gatemanager_4260_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:secomea:gatemanager_4260:-:*:*:*:*:*:*:*

Configuration 3

AND
cpe:2.3:o:secomea:gatemanager_9250_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:secomea:gatemanager_9250:-:*:*:*:*:*:*:*

Configuration 4

AND
cpe:2.3:o:secomea:gatemanager_8250_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:secomea:gatemanager_8250:-:*:*:*:*:*:*:*

History

26 Feb 2021, 18:58

| Type | Values Removed | Values Added |
|---|---|---|
| CVSS | v2 : unknown, v3 : unknown | v2 : 5.0, v3 : 5.3 |
| CWE | | NVD-CWE-noinfo |
| CPE | | cpe:2.3:h:secomea:gatemanager_8250:-:*:*:*:*:*:*:* |
| | | cpe:2.3:o:secomea:gatemanager_8250_firmware:*:*:*:*:*:*:*:* |
| | | cpe:2.3:h:secomea:gatemanager_4260:-:*:*:*:*:*:*:* |
| | | cpe:2.3:h:secomea:gatemanager_4250:-:*:*:*:*:*:*:* |
| | | cpe:2.3:o:secomea:gatemanager_9250_firmware:*:*:*:*:*:*:*:* |
| | | cpe:2.3:o:secomea:gatemanager_4260_firmware:*:*:*:*:*:*:*:* |
| | | cpe:2.3:h:secomea:gatemanager_9250:-:*:*:*:*:*:*:* |
| | | cpe:2.3:o:secomea:gatemanager_4250_firmware:*:*:*:*:*:*:*:* |
| References | (MISC) https://www.secomea.com/support/cybersecurity-advisory/#2923 | (MISC) https://www.secomea.com/support/cybersecurity-advisory/#2923 - Vendor Advisory |

16 Feb 2021, 16:41

| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |

Information

Published : 2021-02-16 16:15

Updated : 2023-12-10 13:41


NVD link : CVE-2020-29022

Mitre link : CVE-2020-29022

CVE.ORG link : CVE-2020-29022



Products Affected

secomea

  • gatemanager_4260_firmware
  • gatemanager_9250_firmware
  • gatemanager_8250_firmware
  • gatemanager_8250
  • gatemanager_4260
  • gatemanager_4250
  • gatemanager_4250_firmware
  • gatemanager_9250

CWE

  • NVD-CWE-noinfo
  • CWE-159: Improper Handling of Invalid Use of Special Elements