PT-2022-10059 · Secomea · Secomea Gatemanager
Published 2022-03-04 · Updated 2022-03-12 · CVE-2021-32008
CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Secomea GateManager versions prior to 9.6.621421014
Description
The issue is an improper limitation of a pathname to a restricted directory (path traversal). It allows a logged-in GateManager admin to delete system files or directories.
Recommendations
For versions prior to 9.6.621421014, update to version 9.6.621421014 or later to resolve the issue. As a temporary workaround, consider restricting admin access to the GateManager to minimize the risk of exploitation.
Fix
Files Accessible to External Parties
Path traversal
Related Identifiers
Affected Products
Secomea Gatemanager