Lucene search
K

15 matches found

BDU FSTEC
BDU FSTEC
added 2025/04/30 12:0 a.m.6 views

The vulnerability in the web-based management interface of SonicWall’s SMA 100 series microprogramming network interfaces allows a hacker to execute arbitrary code.

The vulnerability in the web-based management interface of SonicWall’s SMA 100 series microprogramming system for network interfaces exists due to the lack of protective measures taken against the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitra...

9CVSS7.7AI score0.0389EPSS
Exploits0References3Affected Software6
Positive Technologies
Positive Technologies
added 2024/04/30 12:0 a.m.4 views

PT-2024-22670 · Sonicwall · Sonicwall Gms

Name of the Vulnerable Software and Affected Versions: SonicWALL GMS versions 9.3.4 and earlier Description: The issue is related to the use of a hard-coded password in the GMS ECM endpoint, leading to an authentication bypass. This allows remote attackers to bypass authentication on affected...

7.5CVSS7.4AI score0.00884EPSS
Exploits0References11
VulnCheck KEV
VulnCheck KEV
added 2023/11/16 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-34133

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics:...

7.5CVSS7.4AI score0.77027EPSS
Exploits2References1
OSV
OSV
added 2023/07/13 3:15 a.m.5 views

CVE-2023-34131

Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics enables an unauthenticated attacker to access restricted web pages. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

5.3CVSS5.8AI score0.00692EPSS
Exploits0References2
OSV
OSV
added 2023/07/13 3:15 a.m.3 views

CVE-2023-34137

SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

9.8CVSS5.8AI score0.00895EPSS
Exploits0References2
OSV
OSV
added 2023/07/13 2:15 a.m.6 views

CVE-2023-34130

SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm TEA with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

9.8CVSS5.8AI score0.0026EPSS
Exploits0References2
OSV
OSV
added 2023/07/13 1:15 a.m.5 views

CVE-2023-34127

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics:...

8.8CVSS6.1AI score0.86733EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/07/13 12:0 a.m.5 views

SonicWALL Analytics和GMS 加密问题漏洞

SonicWALL Analytics and SonicWALL GMS are both products of SonicWALL, Inc. of the U.S. SonicWALL Analytics is a high-performance management and reporting engine for the Web.SonicWALL GMS is a global management system. A powerful and intuitive solution for organizations, distributed enterprises an...

9.8CVSS8.3AI score0.0026EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/07/12 12:0 a.m.4 views

PT-2023-3991 · Sonicwall · Sonicwall Gms +1

Name of the Vulnerable Software and Affected Versions: SonicWall GMS versions 9.3.2-SP1 and earlier SonicWall Analytics versions 2.5.0.4-R7 and earlier Description: The issue is related to the use of a hard-coded cryptographic key in SonicWall Analytics and SonicWall Global Management System GMS...

7.8CVSS7.3AI score0.00678EPSS
Exploits0References8
CNNVD
CNNVD
added 2023/07/12 12:0 a.m.5 views

SonicWALL GMS和SonicWALL Analytics 信任管理问题漏洞

SonicWALL Analytics and SonicWALL GMS are both products of SonicWALL, Inc. of the U.S. SonicWALL Analytics is a high-performance management and reporting engine for the Web.SonicWALL GMS is a global management system. A powerful and intuitive solution for organizations, distributed enterprises an...

7.5CVSS7.6AI score0.00678EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/07/12 12:0 a.m.5 views

PT-2023-3803 · Sonicwall · Sonicwall Gms +1

Name of the Vulnerable Software and Affected Versions: SonicWall GMS versions 9.3.2-SP1 and earlier SonicWall Analytics versions 2.5.0.4-R7 and earlier Description: The issue is related to a lack of restrictions on file uploads, allowing an unauthenticated attacker to upload files to a restricted...

9.8CVSS9.3AI score0.00668EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/07/12 12:0 a.m.7 views

PT-2023-3809 · Sonicwall · Sonicwall Gms +1

Name of the Vulnerable Software and Affected Versions: SonicWall GMS versions 9.3.2-SP1 and earlier SonicWall Analytics versions 2.5.0.4-R7 and earlier Description: The issue is related to the use of a password hash instead of the actual password for authentication, allowing for Pass-the-Hash...

9.8CVSS9.5AI score0.06549EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2023/07/12 12:0 a.m.5 views

PT-2023-3799 · Sonicwall · Sonicwall Gms +1

Name of the Vulnerable Software and Affected Versions: SonicWall GMS versions 9.3.2-SP1 and earlier SonicWall Analytics versions 2.5.0.4-R7 and earlier Description: The issue allows an authenticated attacker to read the administrator password hash via a web service call, due to exposure of...

6.8CVSS7AI score0.01172EPSS
Exploits0References9
OSV
OSV
added 2022/07/29 9:15 p.m.4 views

CVE-2022-22280

Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions...

9.8CVSS5.8AI score0.09261EPSS
Exploits0References1
OSV
OSV
added 2021/04/10 7:15 a.m.2 views

CVE-2021-20020

A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root...

9.8CVSS5.9AI score0.0373EPSS
Exploits0References1
Rows per page
Query Builder