Vulnerability Details : CVE-2021-32004
This issue affects: Secomea GateManager All versions prior to 9.6. Improper Check of host header in web server of Secomea GateManager allows attacker to cause browser cache poisoning.
Exploit prediction scoring system (EPSS) score for CVE-2021-32004
Probability of exploitation activity in the next 30 days: 0.07%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 30 %
CVSS scores for CVE-2021-32004
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | [email protected] |
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 3.9 | 1.4 | [email protected] |
3.7 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N | 2.2 | 1.4 | [email protected] |
CWE ids for CVE-2021-32004
- The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint. Assigned by: [email protected] (Secondary)
References for CVE-2021-32004
- https://www.secomea.com/support/cybersecurity-advisory/#4578 (Vendor Advisory)
Products affected by CVE-2021-32004
- cpe:2.3:o:secomea:gatemanager_8250_firmware:*:*:*:*:*:*:*:*