PT-2021-11630 · Secomea · Secomea Gatemanager

Published: 2021-02-16 · Updated: 2021-02-26 · CVE-2020-29023

CVSS v2.0: 4.9 (Medium)

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Secomea GateManager versions prior to 9.3
Description: The issue is related to improper encoding or escaping of output from the CSV Report Generator, allowing an authenticated administrator to generate a CSV file that can run arbitrary commands on a victim's computer when opened in a spreadsheet program, such as Excel.
Recommendations: For Secomea GateManager versions prior to 9.3, update to version 9.3 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the CSV Report Generator until a patch is applied. Restrict access to the CSV Report Generator feature to minimize the risk of exploitation.
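
The weakness class described above, shown from the output-encoding side as an added example (not Secomea's code or its fix): a CSV report writer that prefixes formula-like cells with an apostrophe and quotes every field, a commonly recommended mitigation for spreadsheet formula injection. The function names and sample rows are constructed for illustration.

```python
import csv
import io

# Leading characters a spreadsheet program may treat as the start of a formula.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def _is_plain_number(text):
    """True for values such as -5 or +3.2, which are data and not formulas."""
    try:
        float(text)
        return True
    except ValueError:
        return False


def neutralize_cell(value):
    """Return cell text that a spreadsheet will display rather than evaluate."""
    text = "" if value is None else str(value)
    if text.startswith(FORMULA_TRIGGERS) and not _is_plain_number(text):
        # A leading apostrophe makes the spreadsheet treat the cell as text.
        return "'" + text
    return text


def render_report(rows):
    """Serialize rows to CSV, neutralizing every cell and quoting every field."""
    buf = io.StringIO()
    # QUOTE_ALL keeps embedded commas and newlines inside one cell, so a value
    # cannot break out and start a new cell that begins with a trigger character.
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\r\n")
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


# Constructed sample rows standing in for user-controlled report fields.
SAMPLE_ROWS = [
    ["device", "owner", "offset"],
    ["gw-01", "=1+1", -5],
    ["gw-02", "ok,=2+2", "+x"],
    ["@lab", "plain text", 7],
]

if __name__ == "__main__":
    print(render_report(SAMPLE_ROWS), end="")
```

Neutralization belongs at the point where the report is written, so that values stored before the check existed are also covered.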

Fix

Improper Encoding or Escaping of Output

Weakness Enumeration

Related Identifiers

CVE-2020-29023

Affected Products

Secomea Gatemanager