← Back

Gateone

gateone

Vendor: Liftoffsoftware • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-35736
1Liftoffsoftware
1Gateone
Nov 21, 2024
Dec 27, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
GateOne 1.1 allows arbitrary file download without authentication via /downloads/.. directory traversal because os.path.join is misused.
CVE-2020-20184
1Liftoffsoftware
1Gateone
Nov 21, 2024
Dec 14, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
GateOne allows remote attackers to execute arbitrary commands via shell metacharacters in the port field when attempting an SSH connection.