admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2020/CVE-2020-290xx/CVE-2020-29023.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

250 lines
7.2 KiB
JSON
Raw Blame History

{
"id": "CVE-2020-29023",
"sourceIdentifier": "VulnerabilityReporting@secomea.com",
"published": "2021-02-16T16:15:12.707",
"lastModified": "2024-11-21T05:23:32.180",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows an authenticated administrator to generate a CSV file that may run arbitrary commands on a victim's computer when opened in a spreadsheet program (like Excel). This issue affects: Secomea GateManager all versions prior to 9.3."
},
{
"lang": "es",
"value": "Una Codificaci\u00f3n o Escape Inapropiado de la Salida de CSV Report Generator de Secomea GateManager, permite a un administrador autenticado generar un archivo CSV que puede ejecutar comandos arbitrarios en la computadora de la v\u00edctima cuando se abre en un programa de hoja de c\u00e1lculo (como Excel). Este problema afecta: Secomea GateManager todas las versiones anteriores a 9.3"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "VulnerabilityReporting@secomea.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
"baseScore": 3.5,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 0.9,
"impactScore": 2.5
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
"baseScore": 3.5,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 0.9,
"impactScore": 2.5
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"baseScore": 4.9,
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "VulnerabilityReporting@secomea.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-116"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-116"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:secomea:gatemanager_4250_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AFA20EA3-F08F-4EEC-993D-CFF3B64FEF8D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:secomea:gatemanager_4250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DB6136A-5440-4980-940D-CD178DC219B8"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:secomea:gatemanager_4260_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "048A7B3B-193A-475A-B764-AB6434757028"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:secomea:gatemanager_4260:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9B546E62-81BB-4ED8-87C9-41BD79484AD0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:secomea:gatemanager_9250_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1BAF966-A1EE-4B37-BE84-BF137449C6FF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:secomea:gatemanager_9250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68DE2092-2EA1-4D49-84EB-20BE2CD7B113"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:secomea:gatemanager_8250_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.3",
"matchCriteriaId": "5E0BA172-4047-4D60-9F37-A81EC4622376"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:secomea:gatemanager_8250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5089C475-2013-4DF6-AD1E-12F576ACAE8E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.secomea.com/support/cybersecurity-advisory/",
"source": "VulnerabilityReporting@secomea.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.secomea.com/support/cybersecurity-advisory/#2418",
"source": "VulnerabilityReporting@secomea.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.secomea.com/support/cybersecurity-advisory/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.secomea.com/support/cybersecurity-advisory/#2418",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink