CVE-2021-32006 - OpenCVE

This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Permission Issues vulnerability in LinkManager web portal of Secomea GateManager allows logged in LinkManager user to access stored SiteManager backup files.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Secomea	Gatemanager

Configuration 1 [-]

cpe:2.3:a:secomea:gatemanager:*:*:*:*:*:*:*:*

References

Link	Resource
https://www.secomea.com/support/cybersecurity-advisory/	Not Applicable Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Secomea

Published: 2022-03-07T15:08:16

Updated: 2022-03-07T15:08:16

Reserved: 2021-05-03T00:00:00

Link: CVE-2021-32006

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-03-10T17:42:13.827

Modified: 2022-03-16T03:41:32.710

Link: CVE-2021-32006

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "GateManager", "vendor": "Secomea", "versions": [{"lessThanOrEqual": "9.6.621421014", "status": "affected", "version": "All", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Schlumberger"}], "descriptions": [{"lang": "en", "value": "This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Permission Issues vulnerability in LinkManager web portal of Secomea GateManager allows logged in LinkManager user to access stored SiteManager backup files."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-275", "description": "CWE-275 Permission Issues", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-274", "description": "CWE-274 Improper Handling of Insufficient Privileges", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-03-07T15:08:16", "orgId": "f2815942-3388-4c08-ba09-6c15850fda90", "shortName": "Secomea"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.secomea.com/support/cybersecurity-advisory/"}], "source": {"defect": ["RD-5018"], "discovery": "EXTERNAL"}, "title": "GateManager information leak for LinkManager Users", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "VulnerabilityReporting@secomea.com", "ID": "CVE-2021-32006", "STATE": "PUBLIC", "TITLE": "GateManager information leak for LinkManager Users"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "GateManager", "version": {"version_data": [{"version_affected": "<=", "version_name": "All", "version_value": "9.6.621421014"}]}}]}, "vendor_name": "Secomea"}]}}, "credit": [{"lang": "eng", "value": "Schlumberger"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Permission Issues vulnerability in LinkManager web portal of Secomea GateManager allows logged in LinkManager user to access stored SiteManager backup files."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-275 Permission Issues"}]}, {"description": [{"lang": "eng", "value": "CWE-274 Improper Handling of Insufficient Privileges"}]}]}, "references": {"reference_data": [{"name": "https://www.secomea.com/support/cybersecurity-advisory/", "refsource": "MISC", "url": "https://www.secomea.com/support/cybersecurity-advisory/"}]}, "source": {"defect": ["RD-5018"], "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90", "assignerShortName": "Secomea", "cveId": "CVE-2021-32006", "datePublished": "2022-03-07T15:08:16", "dateReserved": "2021-05-03T00:00:00", "dateUpdated": "2022-03-07T15:08:16", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:secomea:gatemanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "97FB8BBF-91E8-4C63-AD3C-0F04FA31690C", "versionEndIncluding": "9.6.621421014", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Permission Issues vulnerability in LinkManager web portal of Secomea GateManager allows logged in LinkManager user to access stored SiteManager backup files."}, {"lang": "es", "value": "Este problema afecta a: Secomea GateManager versi\u00f3n 9.6.621421014 y todas las versiones anteriores. Una vulnerabilidad de problemas de permisos en el portal web LinkManager de Secomea GateManager permite al usuario de LinkManager que ha iniciado sesi\u00f3n acceder a archivos de copia de seguridad de SiteManager almacenados"}], "id": "CVE-2021-32006", "lastModified": "2022-03-16T03:41:32.710", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 1.4, "source": "VulnerabilityReporting@secomea.com", "type": "Secondary"}]}, "published": "2022-03-10T17:42:13.827", "references": [{"source": "VulnerabilityReporting@secomea.com", "tags": ["Not Applicable", "Vendor Advisory"], "url": "https://www.secomea.com/support/cybersecurity-advisory/"}], "sourceIdentifier": "VulnerabilityReporting@secomea.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-274"}, {"lang": "en", "value": "CWE-275"}], "source": "VulnerabilityReporting@secomea.com", "type": "Secondary"}]}