
201 matches found

SonicWall
added 2020/10/12 9:10 a.m. | 7 views

SonicOS SSLVPN and Virtual assist service authenticated buffer overflow leads to firewall crash

A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3 and...

CVSS 6.5 | AI score 7 | EPSS 0.01104
Exploits: 0

SonicWall
added 2020/10/12 8:56 a.m. | 7 views

Unauthenticated Denial of Service (DoS) vulnerability in the SonicOS due to buffer overflow leads to firewall crash

A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service due to buffer overflow, which leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3 and SonicOSv 6.5.4.v. CVE: CVE-2020-5133 Last updated: Oct. 20, 2020, 8:56 a....

CVSS 8.2 | AI score 7.1 | EPSS 0.01733
Exploits: 0

SonicWall
added 2019/12/23 8:0 p.m. | 7 views

Email Security Weak Default Credential

A weak default password in the SonicWall Email Security appliance allows an attacker to gain access to the appliance database. This vulnerability affected Email Security Appliance up to 10.0.2, 9.2.3 and earlier. CVE: CVE-2019-7488 Last updated: Dec. 23, 2019, 8 p.m...

CVSS 7.1 | AI score 7.1 | EPSS 0.01894
Exploits: 0

SonicWall
added 2019/12/18 8:16 p.m. | 7 views

SonicWall SMA100 Authenticated Code injection

Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.4 and earlier. CVE: CVE-2019-7486 Last updated: March 6, 2020, 5:42 a.m...

CVSS 8.1 | AI score 7.8 | EPSS 0.01582
Exploits: 0

SonicWall
added 2019/12/18 7:42 p.m. | 7 views

SonicWall SMA100 Authenticated Buffer Overflow

Buffer overflow in SonicWall SMA100 allows an authenticated user to execute arbitrary code in DEARegister CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier. CVE: CVE-2019-7485 Last updated: March 6, 2020, 4:42 a.m...

CVSS 8 | AI score 7.8 | EPSS 0.0153
Exploits: 0

SonicWall
added 2019/12/17 9:0 p.m. | 7 views

SonicWall SMA100 Pre-authentication directory traversal

In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server. CVE: CVE-2019-7483 Last updated: March 6, 2020, 4:42 a.m...

CVSS 7.5 | AI score 7.5 | EPSS 0.03977
Exploits: 0

SonicWall
added 2019/06/18 12:0 a.m. | 7 views

TCP SACK Panic - Linux Kernel Vulnerability

Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel...

CVSS 7.5 | AI score 7.1 | EPSS 0.94686
Exploits: 1

SonicWall
added 2019/04/11 11:0 a.m. | 7 views

SonicWall Global Management System (GMS) Deprecated SSH keys Vulnerability

A vulnerability in SonicWall Global Management System (GMS) allows a remote user to gain access to the appliance using an existing SSH key. This vulnerability affects GMS versions 9.1, 9.0, 8.7, 8.6, 8.4, 8.3 and earlier. CVE: CVE-2019-7476 Last updated: April 26, 2019, 11 a.m...

CVSS 8.1 | AI score 7.1 | EPSS 0.01363
Exploits: 0

SonicWall
added 2015/05/01 3:59 p.m. | 7 views

Dell SonicWALL Secure Remote Access Products CVE-2015-2248 Cross Site Request Forgery Vulnerability

Cross-site request forgery (CSRF) vulnerability in the user portal in Dell SonicWALL Secure Remote Access (SRA) products with firmware before 7.5.1.0-38sv and 8.x before 8.0.0.1-16sv allows remote attackers to hijack the authentication of users for requests that create bookmarks via a crafted request...

CVSS 6.8 | AI score 7.4 | EPSS 0.03958
Exploits: 2

SonicWall
added 2014/07/16 2:19 p.m. | 7 views

Dell SonicWALL Scrutinizer Multiple Security Vulnerabilities

Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) userid parameter in the changeUnit function, (3) methodDeta...

CVSS 6.5 | AI score 7.9 | EPSS 0.74932
Exploits: 5

SonicWall
added 2012/09/15 5:55 p.m. | 7 views

SonicWall Viewpoint 'scheduleID' Parameter SQL Injection Vulnerability

SQL injection vulnerability in sgms/reports/scheduledreports/configure/scheduleProps.jsp in SonicWall ViewPoint 6.0 SP2 allows remote attackers to execute arbitrary SQL commands via the scheduleID parameter. CVE: CVE-2011-5169 Last updated: Sept. 17, 2012, 3:14 p.m...

CVSS 7.5 | AI score 8.6 | EPSS 0.01118
Exploits: 1

SonicWall
added 2012/07/30 10:55 p.m. | 7 views

Dell SonicWALL Scrutinizer 'q' Parameter SQL Injection Vulnerability

SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter. CVE: CVE-2012-2962 Last updated: March 12, 2018, 5:21 p.m...

CVSS 6.5 | AI score 7.7 | EPSS 0.66828
Exploits: 7

SonicWall
added 2009/12/04 11:30 a.m. | 7 views

Multiple Vendor Clientless SSL VPN Products Same Origin Policy Bypass Vulnerability

Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Gateway; and other products, when running in...

CVSS 6.8 | AI score 6.5 | EPSS 0.05134
Exploits: 0

SonicWall
added 2007/12/07 11:46 a.m. | 7 views

SonicWALL Global VPN Client Remote Format String Vulnerability

Multiple format string vulnerabilities in the configuration file in SonicWALL Global VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag. NOTE: there might...

CVSS 9.3 | AI score 7.7 | EPSS 0.06199
Exploits: 1

SonicWall
added 2005/05/02 4:0 a.m. | 7 views

SonicWALL SOHO Web Interface Multiple Remote Input Validation Vulnerabilities

Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file. CVE: CVE-2005-1006 Last updated: July 11, 2017, 1:32 a...

CVSS 4.3 | AI score 5.6 | EPSS 0.06296
Exploits: 1

SonicWall
added 2025/12/17 1:51 p.m. | 6 views

SonicWall SMA1000 appliance local privilege escalation vulnerability

A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC). Please note that SonicWall Firewall products are not affected by this vulnerability. CVE: CVE-2025-40602 Last updated: Dec. 18, 2025, 11:34 a.m...

CVSS 6.6 | AI score 6.1 | EPSS 0.0191
Exploits: 1

SonicWall
added 2025/09/22 6:27 p.m. | 6 views

SonicWall SMA100 10.2.2.2-92sv With Additional File Checking

SonicWall SMA 100 10.2.2.2-92sv build has been released with additional file checking, providing the capability to remove known rootkit malware present on the SMA devices. While this is a valuable security step and a necessary measure to protect our customers, it’s equally important to clarify th...

AI score 6.7
Exploits: 0

SonicWall
added 2022/01/05 6:38 p.m. | 6 views

SonicOS SessionID Buffer Overflow via HTTP response

A stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 6 and Gen 7 firmware versions. CVE: CVE-2021-20048...

CVSS 5.3 | AI score 7.6 | EPSS 0.01939
Exploits: 0

SonicWall
added 2021/04/10 1:8 a.m. | 6 views

SonicWall GMS 9.3 unauthenticated remote command execution vulnerability

A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root. CVE: CVE-2021-20020 Last updated: April 10, 2021, 1:08 a.m...

CVSS 9.8 | AI score 7.2 | EPSS 0.0373
Exploits: 0

SonicWall
added 2021/03/13 1:4 a.m. | 6 views

SonicWall SMA100 post-authenticated remote command injection

A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a 'nobody' user. This vulnerability impacts SMA100 version 10.2.0.5 and earlier. CVE: CVE-2021-20017 Last updated: March 13, 2021, 1:04 a.m...

CVSS 7.2 | AI score 7.6 | EPSS 0.01849
Exploits: 0

SonicWall
added 2020/10/12 9:4 a.m. | 6 views

Denial of Service (DoS) vulnerability in the SonicOS due to buffer overflow and potentially execute arbitrary code

A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3 and SonicOSv 6.5.4.v. CVE:...

CVSS 9.4 | AI score 8.2 | EPSS 0.26869
Exploits: 0

SonicWall
added 2020/10/12 9:0 a.m. | 6 views

SonicOS out-of-bound invalid file reference leads to firewall crash

A vulnerability in SonicOS allows an authenticated attacker to cause an out-of-bound invalid file reference that leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3 and SonicOSv 6.5.4.v. CVE: CVE-2020-5134 Last updated: Oct. 20, 2020, 9 a.m...

CVSS 6.5 | AI score 6.6 | EPSS 0.0111
Exploits: 0

SonicWall
added 2019/04/01 8:0 p.m. | 6 views

SonicOS & SonicOSv CBC Cipher TLS Padding Vulnerability

A vulnerability in SonicOS and SonicOSv TLS CBC Cipher allows remote attackers to obtain sensitive plaintext data when CBC cipher suites are enabled. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8,...

CVSS 7.5 | AI score 6.7 | EPSS 0.01192
Exploits: 0

SonicWall
added 2018/08/15 5:0 p.m. | 6 views

Foreshadow- L1 Terminal Fault: VMM

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis. CVE:...

CVSS 7.1 | AI score 5.9 | EPSS 0.08101
Exploits: 0

SonicWall
added 2018/01/08 9:29 a.m. | 6 views

Dell SonicWall SonicOS NSA CVE-2018-5280 HTML Injection Vulnerability

SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens. CVE: CVE-2018-5280 Last updated: Jan. 30, 2018, 4:04 p.m...

CVSS 5.4 | AI score 5.8 | EPSS 0.02507
Exploits: 3

SonicWall
added 2018/01/08 9:29 a.m. | 6 views

Dell SonicWall SonicOS NSA CVE-2018-5281 Multiple HTML Injection Vulnerabilities

SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens. CVE: CVE-2018-5281 Last updated: Jan. 30, 2018, 4:12 p.m...

CVSS 5.4 | AI score 5.9 | EPSS 0.02529
Exploits: 3

SonicWall
added 2017/02/22 5:59 a.m. | 6 views

Dell SonicWall Secure Remote Access Multiple Command Injection Vulnerabilities

The SonicWall Secure Remote Access server version 8.1.0.2-14sv is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface. These vulnerabilities occur in the diagnostics CGI (/cgi-bin/diagnostics) component responsible for emailing out information about the...

CVSS 9.8 | AI score 9.6 | EPSS 0.23296
Exploits: 5

SonicWall
added 2015/04/29 8:59 p.m. | 6 views

Dell SonicWall SonicOS 'macIpSpoofView.html' Multiple Cross Site Scripting Vulnerabilities

Multiple cross-site scripting (XSS) vulnerabilities in macIpSpoofView.html in Dell SonicWall SonicOS 7.5.0.12 and 6.x allow remote attackers to inject arbitrary web script or HTML via the (1) searchSpoof or (2) searchSpoofIpDet parameter. CVE: CVE-2015-3447 Last updated: March 9, 2018, 4:20 p.m...

CVSS 4.3 | AI score 5.8 | EPSS 0.02355
Exploits: 3

SonicWall
added 2014/03/24 4:39 p.m. | 6 views

Dell SonicWALL NSA 2400 'stats/dashboard.jsp' Cross Site Scripting Vulnerability

Cross-site scripting (XSS) vulnerability in the Dashboard Backend service (stats/dashboard.jsp) in SonicWall Network Security Appliance (NSA) 2400 allows remote attackers to inject arbitrary web script or HTML via the sn parameter. CVE: CVE-2014-2589 Last updated: March 12, 2018, 4:19 p.m...

CVSS 4.3 | AI score 5.8 | EPSS 0.02421
Exploits: 3

SonicWall
added 2007/11/05 6:46 p.m. | 6 views

SonicWALL SSL VPN Client Remote ActiveX Multiple Vulnerabilities

Multiple buffer overflows in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allow remote attackers to execute arbitrary code via a long (1) serverAddress, (2) sessionId, (3) clientIPLower, (4) clientIPHigher, (5) userName, (6) domainName, or (7)...

CVSS 9.3 | AI score 7.5 | EPSS 0.05723
Exploits: 1

SonicWall
added 2002/12/31 5:0 a.m. | 6 views

SonicWALL Content Filtering IP addresses can bypass URL filtering

SonicWall Content Filtering allows local users to access prohibited web sites via requests to the web site's IP address instead of the domain name. CVE: CVE-2002-2181 Last updated: Sept. 5, 2008, 8:32 p.m...

CVSS 5 | AI score 6.6 | EPSS 0.01292
Exploits: 0

SonicWall
added 2001/01/09 5:0 a.m. | 6 views

Soho Firewall CVE-2000-1098 Denial-Of-Service Vulnerability

The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via an empty GET or POST request. CVE: CVE-2000-1098 Last updated: Sept. 5, 2008, 8:22 p.m...

CVSS 5 | AI score 7 | EPSS 0.01291
Exploits: 0

SonicWall
added 2025/10/30 10:40 a.m. | 5 views

SonicWall SMA100 Potential Exposure of Sensitive Information in Log File

A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions, to view partial user credential data. SonicWall strongly recommends that users of the SMA 100 series products SMA 210, 410, an...

CVSS 4.5 | AI score 6.3 | EPSS 0.00437
Exploits: 0

SonicWall
added 2025/01/07 11:40 a.m. | 5 views

Integer-Based Buffer Overflow Vulnerability In SonicOS via IPSec

An integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload. SonicWall PSIRT is not aware of active exploitation in the wild...

CVSS 5.3 | AI score 8.2 | EPSS 0.00786
Exploits: 0

SonicWall
added 2020/10/12 9:43 a.m. | 5 views

SonicOS SSLVPN service unauthenticated malicious HTTP request leads to memory addresses leak

A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service by sending a malicious HTTP request that leads to memory addresses leak. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7,...

CVSS 7.5 | AI score 7 | EPSS 0.01742
Exploits: 0

SonicWall
added 2019/12/18 10:11 p.m. | 5 views

SonicOS SSLVPN NACAgent 3.5 windows binary is vulnerable to Unquoted Service Path Privilege Escalation vulnerability

When the SonicOS SSLVPN NACagent 3.5 is installed on the Windows operating system, the autorun value that is created does not put the path in quotes, so a malicious binary placed by an attacker within the parent path could allow code execution. CVE: CVE-2019-7487 Last updated: Dec. 18, 2019, 10:11 p.m...

CVSS 7 | AI score 7.2 | EPSS 0.00462
Exploits: 0

SonicWall
added 2019/06/18 12:0 a.m. | 5 views

TCP SACK Panic - Linux Kernel Vulnerability

Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kerne...

CVSS 7.5 | AI score 7.1 | EPSS 0.9166
Exploits: 1

SonicWall
added 2019/06/18 12:0 a.m. | 5 views

TCP SACK Panic - Linux Kernel Vulnerability

Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182,...

CVSS 7.5 | AI score 7.2 | EPSS 0.98745
Exploits: 4

SonicWall
added 2018/05/24 12:0 a.m. | 5 views

Speculative Store Bypass (SSB) – also known as Variant 4

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Stor...

CVSS 4.3 | AI score 6.5 | EPSS 0.60631
Exploits: 2

SonicWall
added 2014/02/14 4:55 p.m. | 5 views

Multiple Dell SonicWALL Products '/sgms/mainPage' Page Cross Site Scripting Vulnerability

Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL Analyzer before 7.1 SP2, and SonicWALL UMA E5000 before 7.1 SP2 might allow remote attackers to inject arbitrary web script or HTML via the nodeid parameter in a ScreenDisplayManager genNetwork...

CVSS 4.3 | AI score 5.8 | EPSS 0.02761
Exploits: 1

SonicWall
added 2001/06/18 4:0 a.m. | 5 views

Tele2 CVE-2001-0376 Remote Security Vulnerability

SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC with IKE pre-shared keys do not allow for the use of full 128 byte IKE pre-shared keys, which is the intended design of the IKE pre-shared key, and only support 48 byte keys. This allows a remote attacker to brute force attack t...

CVSS 7.5 | AI score 7.1 | EPSS 0.01351
Exploits: 0

SonicWall
added 2022/08/24 3:57 p.m. | 4 views

SMA100 Exposure of Sensitive Information to an Unauthorized Actor

A vulnerability in the SonicWall SMA100 appliance could potentially expose sensitive information (i.e., third-party packages and library versions used in the appliance firmware) to a pre-authenticated actor. IMPORTANT: SMA 1000 series products are not affected by this vulnerability. CVE: None Last...

CVSS 5.3 | AI score 6.7
Exploits: 0

SonicWall
added 2022/07/13 5:32 p.m. | 4 views

OpenSSL c_rehash script allows command injection CVE-2022-1292

A critical vulnerability (CVE-2022-1292) was found in OpenSSL c_rehash script. This is due to shell metacharacters not being properly sanitized, resulting in command injection. An attacker could execute arbitrary commands with the privileges of the script. After review, it has been determined that...

CVSS 9.8 | AI score 10 | EPSS 0.83223
Exploits: 5

SonicWall
added 2021/09/23 9:20 p.m. | 4 views

Security Weakness Resulting in Potential Local Privilege Escalation When HA (High Availability) is Active

A weakness in the SMA100 Series exists when a High Availability (HA) pair is active, potentially permitting an operation at a privilege level that is higher than the minimum level required. If a malicious actor obtains a 'nobody' user shell on an impacted SMA100 device, this can potentially lead to...

CVSS 4.7 | AI score 7.4
Exploits: 0

SonicWall
added 2021/01/06 9:25 p.m. | 4 views

Amnesia 33 vulnerabilities

Amnesia 33 vulnerabilities impact four open source TCP/IP stacks (uIP, FNET, picoTCP and Nut/Net) libraries which are used in millions of smart IoT and embedded devices. These four open source TCP/IP stack libraries are not used in the SonicWall firewall products. CVE: N/A Last updated: Jan. 6,...

CVSS 9.8 | AI score 7.3
Exploits: 0

SonicWall
added 2020/12/15 9:41 p.m. | 4 views

NAT Slipstreaming (CVE-2020-28041)

SonicWall Firewalls are not vulnerable to the NAT Slipstreaming attack. SonicWall Firewall does not open an alternative port set in the SIP packet header, which results in an invalid connection, and packets are dropped. CVE: CVE-2020-28041 Last updated: Dec. 15, 2020, 9:41 p.m...

CVSS 4.3 | AI score 6.8 | EPSS 0.01975
Exploits: 1

SonicWall
added 2010/11/03 1:37 p.m. | 4 views

SonicWALL SSL-VPN E-Class ActiveX Control Multiple Buffer Overflow Vulnerabilities

Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method. CVE:...

CVSS 9.3 | AI score 8.4 | EPSS 0.04756
Exploits: 0

SonicWall
added 2022/02/07 6:9 p.m. | 3 views

SMA1000 SNMP Null pointer exception bug in Net-SNMP vendor packet resulting in SNMP DoS

A Null pointer exception bug in Net-SNMP vendor 5.9.0 and earlier packet allows a remote authenticated attacker to cause SMA1000 SNMP Denial of Service (DoS) by an insufficient check of null pointer. CVE: N/A Last updated: Feb. 7, 2022, 6:09 p.m...

CVSS 4.4 | AI score 6.7
Exploits: 0

SonicWall
added 2020/09/08 7:12 a.m. | 3 views

SonicWall SSL-VPN Products security misconfiguration leads to possible domain name collision vulnerability

SonicWall SSL-VPN products web interface has the option to publicly display their organization’s internal domain names in the Domain drop-down menu. An attacker with knowledge of an organization’s internal domain name can potentially take advantage of a DNS flaw known as domain name collision. A...

CVSS 5.3 | AI score 7
Exploits: 0

SonicWall
added 2020/08/25 7:30 p.m. | 2 views

Insecure Direct Object Reference vulnerability in the mysonicwall.com add-user API

An insecure direct object reference vulnerability has been identified in the users/add-user API endpoint of mysonicwall.com. This could allow a normal authenticated mysonicwall user to manipulate API parameter and gain access to user group of tenant of any other mysonicwall user account. CVE: N/A...

CVSS 9.9 | AI score 7
Exploits: 0

Total number of security vulnerabilities: 201