var-202102-0394
Vulnerability from variot
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3. plural GateManager The product contains a vulnerability regarding the lack of encryption of critical data.Information may be obtained. Secomea GateManager is a remote access server product of Secomea, Denmark
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-0394",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gatemanager 9250",
"scope": "eq",
"trust": 1.0,
"vendor": "secomea",
"version": "*"
},
{
"model": "gatemanager 8250",
"scope": "lt",
"trust": 1.0,
"vendor": "secomea",
"version": "9.3"
},
{
"model": "gatemanager 4260",
"scope": "eq",
"trust": 1.0,
"vendor": "secomea",
"version": "*"
},
{
"model": "gatemanager 4250",
"scope": "eq",
"trust": 1.0,
"vendor": "secomea",
"version": "*"
},
{
"model": "gatemanager 4250",
"scope": null,
"trust": 0.8,
"vendor": "b r industrial automation",
"version": null
},
{
"model": "gatemanager 4260",
"scope": null,
"trust": 0.8,
"vendor": "b r industrial automation",
"version": null
},
{
"model": "gatemanager 8250",
"scope": null,
"trust": 0.8,
"vendor": "b r industrial automation",
"version": null
},
{
"model": "gatemanager 9250",
"scope": null,
"trust": 0.8,
"vendor": "b r industrial automation",
"version": null
},
{
"model": "gatemanager",
"scope": "lt",
"trust": 0.6,
"vendor": "secomea",
"version": "9.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18013"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011436"
},
{
"db": "NVD",
"id": "CVE-2020-29024"
}
]
},
"cve": "CVE-2020-29024",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-29024",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-18013",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2020-29024",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2020-29024",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-29024",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "VulnerabilityReporting@secomea.com",
"id": "CVE-2020-29024",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-29024",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2021-18013",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-1220",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18013"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011436"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1220"
},
{
"db": "NVD",
"id": "CVE-2020-29024"
},
{
"db": "NVD",
"id": "CVE-2020-29024"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3. plural GateManager The product contains a vulnerability regarding the lack of encryption of critical data.Information may be obtained. Secomea GateManager is a remote access server product of Secomea, Denmark",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-29024"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011436"
},
{
"db": "CNVD",
"id": "CNVD-2021-18013"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-29024",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011436",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-18013",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1220",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18013"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011436"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1220"
},
{
"db": "NVD",
"id": "CVE-2020-29024"
}
]
},
"id": "VAR-202102-0394",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18013"
}
],
"trust": 0.9183760599999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18013"
}
]
},
"last_update_date": "2024-11-23T22:11:08.018000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RD-2418",
"trust": 0.8,
"url": "https://www.secomea.com/support/cybersecurity-advisory/#2418"
},
{
"title": "Patch for Secomea GateManager has an unspecified vulnerability (CNVD-2021-18013)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/253276"
},
{
"title": "HTTPS and Secomea GateManager Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142417"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18013"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011436"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1220"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-311",
"trust": 1.0
},
{
"problemtype": "CWE-614",
"trust": 1.0
},
{
"problemtype": "Lack of encryption of critical data (CWE-311) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011436"
},
{
"db": "NVD",
"id": "CVE-2020-29024"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29024"
},
{
"trust": 1.6,
"url": "https://www.secomea.com/support/cybersecurity-advisory/#2418"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18013"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011436"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1220"
},
{
"db": "NVD",
"id": "CVE-2020-29024"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-18013"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011436"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1220"
},
{
"db": "NVD",
"id": "CVE-2020-29024"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-18013"
},
{
"date": "2021-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-011436"
},
{
"date": "2021-02-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-1220"
},
{
"date": "2021-02-16T16:15:12.800000",
"db": "NVD",
"id": "CVE-2020-29024"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-18013"
},
{
"date": "2021-04-02T05:27:00",
"db": "JVNDB",
"id": "JVNDB-2020-011436"
},
{
"date": "2021-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-1220"
},
{
"date": "2024-11-21T05:23:32.413000",
"db": "NVD",
"id": "CVE-2020-29024"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-1220"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0GateManager\u00a0 Vulnerability in lack of encryption of critical data in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011436"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-1220"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.