Vulnerability Description
Failure to sanitize the Host header value on output in the GateManager web server could allow an attacker to conduct web cache poisoning attacks. This issue affects Secomea GateManager, all versions prior to 9.3.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Secomea | Gatemanager 4250 Firmware | All versions |
| Secomea | Gatemanager 4250 | - |
| Secomea | Gatemanager 4260 Firmware | All versions |
| Secomea | Gatemanager 4260 | - |
| Secomea | Gatemanager 9250 Firmware | All versions |
| Secomea | Gatemanager 9250 | - |
| Secomea | Gatemanager 8250 Firmware | < 9.3 |
| Secomea | Gatemanager 8250 | - |
Related Weaknesses (CWE)
References
- https://www.secomea.com/support/cybersecurity-advisory/#2923 (Vendor Advisory)
FAQ
What is CVE-2020-29022?
CVE-2020-29022 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Failure to sanitize the Host header value on output in the GateManager web server could allow an attacker to conduct web cache poisoning attacks. This issue affects Secomea GateManager all versions prior ...
How severe is CVE-2020-29022?
CVE-2020-29022 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-29022?
Check the references section above for vendor advisories and patch information. Affected products include: Secomea Gatemanager 4250 Firmware, Secomea Gatemanager 4250, Secomea Gatemanager 4260 Firmware, Secomea Gatemanager 4260, Secomea Gatemanager 9250 Firmware.