Vulnerability Description
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Secomea | Gatemanager 4250 Firmware | All versions |
| Secomea | Gatemanager 4250 | - |
| Secomea | Gatemanager 4260 Firmware | All versions |
| Secomea | Gatemanager 4260 | - |
| Secomea | Gatemanager 9250 Firmware | All versions |
| Secomea | Gatemanager 9250 | - |
| Secomea | Gatemanager 8250 Firmware | < 9.3 |
| Secomea | Gatemanager 8250 | - |
Related Weaknesses (CWE)
References
- https://www.secomea.com/support/cybersecurity-advisory/#2418Vendor Advisory
- https://www.secomea.com/support/cybersecurity-advisory/#2418Vendor Advisory
FAQ
What is CVE-2020-29024?
CVE-2020-29024 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects...
How severe is CVE-2020-29024?
CVE-2020-29024 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-29024?
Check the references section above for vendor advisories and patch information. Affected products include: Secomea Gatemanager 4250 Firmware, Secomea Gatemanager 4250, Secomea Gatemanager 4260 Firmware, Secomea Gatemanager 4260, Secomea Gatemanager 9250 Firmware.