CVE-2021-32004: GateManager does not enforce strict hostname matching for WEB server
First published: Mon Nov 22 2021(Updated: )
This issue affects: Secomea GateManager All versions prior to 9.6. Improper Check of host header in web server of Secomea GateManager allows attacker to cause browser cache poisoning.
Credit: VulnerabilityReporting@secomea.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Secomea Gatemanager 8250 Firmware | <9.6 | |
| Secomea Gatemanager 8250 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-32004?
CVE-2021-32004 is a vulnerability that affects Secomea GateManager versions prior to 9.6, and allows an attacker to cause browser cache poisoning.
How does CVE-2021-32004 impact Secomea GateManager?
CVE-2021-32004 allows an attacker to exploit the improper check of the host header in the web server of Secomea GateManager, leading to browser cache poisoning.
What is the severity of CVE-2021-32004?
The severity of CVE-2021-32004 is medium, with a severity score of 5.3.
What versions of Secomea GateManager are affected by CVE-2021-32004?
Secomea GateManager versions prior to 9.6 are affected by CVE-2021-32004.
How can I fix CVE-2021-32004?
To fix CVE-2021-32004, it is recommended to update Secomea GateManager to version 9.6 or later.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/author
- agent/severity
- agent/last-modified-date
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/secomea
- canonical/secomea gatemanager 8250 firmware