Vulnerabilities > Secomea > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-16 | CVE-2020-29024 | Missing Encryption of Sensitive Data vulnerability in Secomea products Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. | 5.3 |
| 2021-02-16 | CVE-2020-29022 | Unspecified vulnerability in Secomea products Failure to Sanitize host header value on output in the GateManager Web server could allow an attacker to conduct web cache poisoning attacks. | 5.3 |
| 2021-02-15 | CVE-2020-29026 | Path Traversal vulnerability in Secomea products A directory traversal vulnerability exists in the file upload function of the GateManager that allows an authenticated attacker with administrative permissions to read and write arbitrary files in the Linux file system. | 6.5 |
| 2021-02-08 | CVE-2020-29021 | Cross-site Scripting vulnerability in Secomea products A vulnerability in web UI input field of GateManager allows authenticated attacker to enter script tags that could cause XSS. | 4.8 |