CVE-2020-29031 HIGH

CVE-2020-29031: Insecure Direct Object Reference in GateManager WebUI can cause privilege escalation

Vendor Secomea
Product GateManager
Weakness CWE-280
Published February 15, 2021
Last update August 4, 2024

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges. This issue affects all GateManager versions prior to 9.2c

Key dates

02Disclosure timeline

February 15, 2021 CVE published
August 4, 2024 Record updated