CVE-2021-32004 LOW

CVE-2021-32004: GateManager does not enforce strict hostname matching for WEB server

Vendor Secomea
Product GateManager
Weakness CWE-923
Published November 22, 2021
Last update August 3, 2024

CVSS base score

3.7/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

This issue affects: Secomea GateManager All versions prior to 9.6. Improper Check of host header in web server of Secomea GateManager allows attacker to cause browser cache poisoning.

Key dates

02Disclosure timeline

November 22, 2021 CVE published
August 3, 2024 Record updated