15 matches found
The vulnerability in the web-based management interface of SonicWall’s SMA 100 series microprogramming network interfaces allows a hacker to execute arbitrary code.
The vulnerability in the web-based management interface of SonicWall’s SMA 100 series microprogramming system for network interfaces exists due to the lack of protective measures taken against the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitra...
PT-2024-22670 · Sonicwall · Sonicwall Gms
Name of the Vulnerable Software and Affected Versions: SonicWALL GMS versions 9.3.4 and earlier Description: The issue is related to the use of a hard-coded password in the GMS ECM endpoint, leading to an authentication bypass. This allows remote attackers to bypass authentication on affected...
VulnCheck KEV: CVE-2023-34133
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics:...
CVE-2023-34131
Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics enables an unauthenticated attacker to access restricted web pages. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...
CVE-2023-34137
SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...
CVE-2023-34130
SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm TEA with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...
CVE-2023-34127
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics:...
SonicWALL Analytics和GMS 加密问题漏洞
SonicWALL Analytics and SonicWALL GMS are both products of SonicWALL, Inc. of the U.S. SonicWALL Analytics is a high-performance management and reporting engine for the Web.SonicWALL GMS is a global management system. A powerful and intuitive solution for organizations, distributed enterprises an...
PT-2023-3991 · Sonicwall · Sonicwall Gms +1
Name of the Vulnerable Software and Affected Versions: SonicWall GMS versions 9.3.2-SP1 and earlier SonicWall Analytics versions 2.5.0.4-R7 and earlier Description: The issue is related to the use of a hard-coded cryptographic key in SonicWall Analytics and SonicWall Global Management System GMS...
SonicWALL GMS和SonicWALL Analytics 信任管理问题漏洞
SonicWALL Analytics and SonicWALL GMS are both products of SonicWALL, Inc. of the U.S. SonicWALL Analytics is a high-performance management and reporting engine for the Web.SonicWALL GMS is a global management system. A powerful and intuitive solution for organizations, distributed enterprises an...
PT-2023-3803 · Sonicwall · Sonicwall Gms +1
Name of the Vulnerable Software and Affected Versions: SonicWall GMS versions 9.3.2-SP1 and earlier SonicWall Analytics versions 2.5.0.4-R7 and earlier Description: The issue is related to a lack of restrictions on file uploads, allowing an unauthenticated attacker to upload files to a restricted...
PT-2023-3809 · Sonicwall · Sonicwall Gms +1
Name of the Vulnerable Software and Affected Versions: SonicWall GMS versions 9.3.2-SP1 and earlier SonicWall Analytics versions 2.5.0.4-R7 and earlier Description: The issue is related to the use of a password hash instead of the actual password for authentication, allowing for Pass-the-Hash...
PT-2023-3799 · Sonicwall · Sonicwall Gms +1
Name of the Vulnerable Software and Affected Versions: SonicWall GMS versions 9.3.2-SP1 and earlier SonicWall Analytics versions 2.5.0.4-R7 and earlier Description: The issue allows an authenticated attacker to read the administrator password hash via a web service call, due to exposure of...
CVE-2022-22280
Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions...
CVE-2021-20020
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root...