Lucene search

SecomeaCVE-2023-3675

HistoryApr 18, 2024 - 11:15 a.m.

CVE-2023-3675

2024-04-1811:15:36

CWE-22

Secomea

web.nvd.nist.gov

cve-2023-3675

improper limitation

path traversal

secomea gatemanager

web gui

reading data

system resources

gatemanager 11.0.623074018

gatemanager 11.0.623373051

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.7

Confidence

High

EPSS

Percentile

10.5%

JSON

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Secomea GateManager (Web GUI) allows Reading Data from System Resources.This issue affects GateManager: from 11.0.623074018 before 11.0.623373051.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Web GUI"
    ],
    "platforms": [
      "Linux"
    ],
    "product": "GateManager",
    "vendor": "Secomea",
    "versions": [
      {
        "lessThan": "11.0.623373051",
        "status": "affected",
        "version": "11.0.623074018",
        "versionType": "custom"
      }
    ]
  }
]

References

www.secomea.com/support/cybersecurity-advisory

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.7

Confidence

High

EPSS

Percentile

10.5%

JSON

Related for CVE-2023-3675