var-202102-0392
Vulnerability from variot
Failure to Sanitize host header value on output in the GateManager Web server could allow an attacker to conduct web cache poisoning attacks. This issue affects Secomea GateManager all versions prior to 9.3. GateManager Web server Contains an unspecified vulnerability.Information may be obtained. Secomea GateManager is a remote access server product of Secomea, Denmark
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-0392",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gatemanager 9250",
"scope": "eq",
"trust": 1.0,
"vendor": "secomea",
"version": "*"
},
{
"model": "gatemanager 8250",
"scope": "lt",
"trust": 1.0,
"vendor": "secomea",
"version": "9.3"
},
{
"model": "gatemanager 4260",
"scope": "eq",
"trust": 1.0,
"vendor": "secomea",
"version": "*"
},
{
"model": "gatemanager 4250",
"scope": "eq",
"trust": 1.0,
"vendor": "secomea",
"version": "*"
},
{
"model": "gatemanager 4250",
"scope": null,
"trust": 0.8,
"vendor": "b r industrial automation",
"version": null
},
{
"model": "gatemanager 4260",
"scope": null,
"trust": 0.8,
"vendor": "b r industrial automation",
"version": null
},
{
"model": "gatemanager 8250",
"scope": null,
"trust": 0.8,
"vendor": "b r industrial automation",
"version": null
},
{
"model": "gatemanager 9250",
"scope": null,
"trust": 0.8,
"vendor": "b r industrial automation",
"version": null
},
{
"model": "gatemanager",
"scope": "lt",
"trust": 0.6,
"vendor": "secomea",
"version": "9.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18014"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011438"
},
{
"db": "NVD",
"id": "CVE-2020-29022"
}
]
},
"cve": "CVE-2020-29022",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-29022",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-18014",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2020-29022",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2020-29022",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-29022",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "VulnerabilityReporting@secomea.com",
"id": "CVE-2020-29022",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-29022",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2021-18014",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-1222",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18014"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011438"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1222"
},
{
"db": "NVD",
"id": "CVE-2020-29022"
},
{
"db": "NVD",
"id": "CVE-2020-29022"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Failure to Sanitize host header value on output in the GateManager Web server could allow an attacker to conduct web cache poisoning attacks. This issue affects Secomea GateManager all versions prior to 9.3. GateManager Web server Contains an unspecified vulnerability.Information may be obtained. Secomea GateManager is a remote access server product of Secomea, Denmark",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-29022"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011438"
},
{
"db": "CNVD",
"id": "CNVD-2021-18014"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-29022",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011438",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-18014",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1222",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18014"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011438"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1222"
},
{
"db": "NVD",
"id": "CVE-2020-29022"
}
]
},
"id": "VAR-202102-0392",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18014"
}
],
"trust": 0.9183760599999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18014"
}
]
},
"last_update_date": "2024-11-23T21:51:03.080000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RD-2923",
"trust": 0.8,
"url": "https://www.secomea.com/support/cybersecurity-advisory/#2923"
},
{
"title": "Patch for Secomea GateManager has unspecified vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/253281"
},
{
"title": "Sanitize and Secomea GateManager Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142418"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18014"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011438"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1222"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-159",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011438"
},
{
"db": "NVD",
"id": "CVE-2020-29022"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29022"
},
{
"trust": 1.6,
"url": "https://www.secomea.com/support/cybersecurity-advisory/#2923"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18014"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011438"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1222"
},
{
"db": "NVD",
"id": "CVE-2020-29022"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-18014"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011438"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1222"
},
{
"db": "NVD",
"id": "CVE-2020-29022"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-18014"
},
{
"date": "2021-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-011438"
},
{
"date": "2021-02-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-1222"
},
{
"date": "2021-02-16T16:15:12.533000",
"db": "NVD",
"id": "CVE-2020-29022"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-18014"
},
{
"date": "2021-04-02T05:28:00",
"db": "JVNDB",
"id": "JVNDB-2020-011438"
},
{
"date": "2021-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-1222"
},
{
"date": "2024-11-21T05:23:31.880000",
"db": "NVD",
"id": "CVE-2020-29022"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-1222"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GateManager\u00a0Web\u00a0server\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011438"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-1222"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.