CVE-2020-29031

High

An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset…

Secomea·CWE-280·Published 2021-02-15

CVSS

8.1

EPSS

0.01

KEV

Exploits

cve.orgen

283 chars

An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges. This issue affects all GateManager versions prior to 9.2c

NVDen

283 chars

NVDes

353 chars

Se presenta una vulnerabilidad de Referencia Directa a Objetos No Segura en la Interfaz de Usuario Web de GateManager que permite a un atacante autenticado restablecer la contraseña de cualquier usuario en su dominio o subdominio, por medio de una escalada de privilegios. Este problema afecta a todas las versiones de GateManager anteriores a 9.2c

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.5	8.0	4.9	AV:N/AC:L/Au:S/C:P/I:P/A:N
3.1	Primary	NVD	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
3.1	Primary	cve.org	7.1	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
3.1	Primary	cve.org	7.1	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
3.1	Secondary	NVD	7.1	2.8	4.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N