Vulnerability Details CVE-2020-35736
GateOne 1.1 allows arbitrary file download without authentication via /downloads/.. directory traversal because os.path.join is misused.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.824
EPSS Ranking 99.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2020-35736
-
cpe:2.3:a:liftoffsoftware:gateone:1.1