Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Insecure Direct Object Reference in GateManager WebUI can cause privilege escalation
Vulnerability Description
An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges. This issue affects all GateManager versions prior to 9.2c
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
不充分权限或特权的处理不恰当
Vulnerability Title
Secomea GateManager 安全漏洞
Vulnerability Description
Secomea GateManager是丹麦Secomea公司的一款远程访问服务器产品。 GateManager versions prior to 9.2c 存在安全漏洞,该漏洞源于存在一个不安全的直接对象引用漏洞,攻击者可利用该漏洞可以通过权限升级重置其域或子域的任何用户的密码。
CVSS Information
N/A
Vulnerability Type
N/A