CVE-2020-29022

Failure to Sanitize host header value on output in the GateManager Web server could allow an attacker to conduct web cache poisoning attacks. This issue affects Secomea GateManager all versions prior to 9.3

Published: Feb 16, 2021
Updated: Apr 14, 2023
CVE: CVE-2020-29022
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
secomea / gatemanager_4250_firmware	-	-
secomea / gatemanager_4260_firmware	-	-
secomea / gatemanager_9250_firmware	-	-
secomea / gatemanager_8250_firmware	-	9.3

https://www.secomea.com/support/cybersecurity-advisory/#2923

Vulnerability Database

290,273

CVE-2020-29022