{"containers": {"cna": {"affected": [{"product": "GateManager", "vendor": "Secomea", "versions": [{"lessThan": "9.2c", "status": "affected", "version": "All", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A directory traversal vulnerability exists in the file upload function of the GateManager that allows an authenticated attacker with administrative permissions to read and write arbitrary files in the Linux file system. This issue affects: GateManager all versions prior to 9.2c."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-02-15T15:48:30", "orgId": "f2815942-3388-4c08-ba09-6c15850fda90", "shortName": "Secomea"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.secomea.com/support/cybersecurity-advisory/#2918"}], "source": {"defect": ["RD-2918"], "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "VulnerabilityReporting@secomea.com", "ID": "CVE-2020-29026", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "GateManager", "version": {"version_data": [{"version_affected": "<", "version_name": "All", "version_value": "9.2c"}]}}]}, "vendor_name": "Secomea"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A directory traversal vulnerability exists in the file upload function of the GateManager that allows an authenticated attacker with administrative permissions to read and write arbitrary files in the Linux file system. This issue affects: GateManager all versions prior to 9.2c."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}]}, "references": {"reference_data": [{"name": "https://www.secomea.com/support/cybersecurity-advisory/#2918", "refsource": "MISC", "url": "https://www.secomea.com/support/cybersecurity-advisory/#2918"}]}, "source": {"defect": ["RD-2918"], "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:48:01.207Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.secomea.com/support/cybersecurity-advisory/#2918"}]}]}, "cveMetadata": {"assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90", "assignerShortName": "Secomea", "cveId": "CVE-2020-29026", "datePublished": "2021-02-15T15:48:30", "dateReserved": "2020-11-24T00:00:00", "dateUpdated": "2024-08-04T16:48:01.207Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:secomea:gatemanager_8250_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "961FED65-FA19-40DA-8DEB-5950D67FE5AA", "versionEndExcluding": "9.2c", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:secomea:gatemanager_8250:-:*:*:*:*:*:*:*", "matchCriteriaId": "5089C475-2013-4DF6-AD1E-12F576ACAE8E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:secomea:gatemanager_4250_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1FB8107-437D-4900-BA64-2928E33A13C2", "versionEndExcluding": "9.0i", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:secomea:gatemanager_4250:-:*:*:*:*:*:*:*", "matchCriteriaId": "0DB6136A-5440-4980-940D-CD178DC219B8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:secomea:gatemanager_4260_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE7495A8-DCDD-4CE8-9D32-85BC9C5A4288", "versionEndExcluding": "9.0i", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:secomea:gatemanager_4260:-:*:*:*:*:*:*:*", "matchCriteriaId": "9B546E62-81BB-4ED8-87C9-41BD79484AD0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:secomea:gatemanager_9250_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B1EB5FA-451C-45E2-8D5F-7E88995D06BF", "versionEndExcluding": "9.0i", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:secomea:gatemanager_9250:-:*:*:*:*:*:*:*", "matchCriteriaId": "68DE2092-2EA1-4D49-84EB-20BE2CD7B113", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A directory traversal vulnerability exists in the file upload function of the GateManager that allows an authenticated attacker with administrative permissions to read and write arbitrary files in the Linux file system. This issue affects: GateManager all versions prior to 9.2c."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de salto de directorio en la funci\u00f3n file upload del GateManager que permite a un atacante autenticado con permisos administrativos leer y escribir archivos arbitrarios en el sistema de archivos de Linux.&#xa0;Este problema afecta a: GateManager todas las versiones anteriores a 9.2c"}], "id": "CVE-2020-29026", "lastModified": "2024-11-21T05:23:32.850", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "VulnerabilityReporting@secomea.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-02-15T16:15:14.527", "references": [{"source": "VulnerabilityReporting@secomea.com", "tags": ["Vendor Advisory"], "url": "https://www.secomea.com/support/cybersecurity-advisory/#2918"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.secomea.com/support/cybersecurity-advisory/#2918"}], "sourceIdentifier": "VulnerabilityReporting@secomea.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "VulnerabilityReporting@secomea.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}