Sign-up

ID

VAR-202203-0965


CVE

CVE-2021-32006


TITLE

Secomea  of  gatemanager  Vulnerability regarding improper default permissions in

Trust: 0.8

sources: JVNDB: JVNDB-2021-018822

DESCRIPTION

This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Permission Issues vulnerability in LinkManager web portal of Secomea GateManager allows logged in LinkManager user to access stored SiteManager backup files. Secomea of gatemanager There is a vulnerability in improper default permissions.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2021-32006 // JVNDB: JVNDB-2021-018822

AFFECTED PRODUCTS

vendor:secomeamodel:gatemanagerscope:lteversion:9.6.621421014

Trust: 1.0

vendor:secomeamodel:gatemanagerscope:eqversion: -

Trust: 0.8

vendor:secomeamodel:gatemanagerscope: - version: -

Trust: 0.8

vendor:secomeamodel:gatemanagerscope:lteversion:9.6.621421014 and earlier

Trust: 0.8

sources: JVNDB: JVNDB-2021-018822 // NVD: CVE-2021-32006

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-32006
value: MEDIUM

Trust: 1.0

VulnerabilityReporting@secomea.com: CVE-2021-32006
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-32006
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202203-994
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2021-32006
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2021-32006
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

VulnerabilityReporting@secomea.com: CVE-2021-32006
baseSeverity: MEDIUM
baseScore: 5.0
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2021-32006
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-018822 // CNNVD: CNNVD-202203-994 // NVD: CVE-2021-32006 // NVD: CVE-2021-32006

PROBLEMTYPE DATA

problemtype:CWE-275

Trust: 1.0

problemtype:CWE-274

Trust: 1.0

problemtype:CWE-276

Trust: 1.0

problemtype:Inappropriate default permissions (CWE-276) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-018822 // NVD: CVE-2021-32006

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202203-994

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202203-994

PATCH

title:Secomea GateManager Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=186101

Trust: 0.6

sources: CNNVD: CNNVD-202203-994

EXTERNAL IDS

db:NVDid:CVE-2021-32006

Trust: 3.2

db:JVNDBid:JVNDB-2021-018822

Trust: 0.8

db:CNNVDid:CNNVD-202203-994

Trust: 0.6

sources: JVNDB: JVNDB-2021-018822 // CNNVD: CNNVD-202203-994 // NVD: CVE-2021-32006

REFERENCES

url:https://www.secomea.com/support/cybersecurity-advisory/

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-32006

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2021-32006/

Trust: 0.6

sources: JVNDB: JVNDB-2021-018822 // CNNVD: CNNVD-202203-994 // NVD: CVE-2021-32006

SOURCES

db:JVNDBid:JVNDB-2021-018822
db:CNNVDid:CNNVD-202203-994
db:NVDid:CVE-2021-32006

LAST UPDATE DATE

2024-08-14T14:31:19.274000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2021-018822date:2023-07-06T08:14:00
db:CNNVDid:CNNVD-202203-994date:2022-03-17T00:00:00
db:NVDid:CVE-2021-32006date:2022-03-16T03:41:32.710

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2021-018822date:2023-07-06T00:00:00
db:CNNVDid:CNNVD-202203-994date:2022-03-10T00:00:00
db:NVDid:CVE-2021-32006date:2022-03-10T17:42:13.827