Lucene search
SonicwallAnalytics

17 matches found

CVE
added 2023/07/13 12:14 a.m., 284 views

CVE-2023-34124

CVE-2023-34124 affects SonicWall Global Management System (GMS) and Analytics Web Services. The root cause is insufficient authentication checks that allow bypass, impacting GMS versions 9.3.2-SP1 and earlier and Analytics versions 2.5.0.4-R7 and earlier. The issue enables unauthorized access; multiple co...

CVSS 9.8, AI score 9.6, EPSS 0.40891
In wild
CVE
added 2023/07/13 2:28 a.m., 209 views

CVE-2023-34133

CVE-2023-34133 is an SQL Injection affecting SonicWall GMS and Analytics (GMS 9.3.2-SP1 and earlier; Analytics 2.5.0.4-R7 and earlier). An unauthenticated attacker can extract data from the application database. Public materials reference SQLi in SonicWall GMS/Analytics and mention updated fixes;...

CVSS 7.5, AI score 8.7, EPSS 0.77027
In wild
CVE
added 2023/07/12 11:16 p.m., 197 views

CVE-2023-34123

CVE-2023-34123 describes a hard-coded cryptographic key vulnerability in SonicWall GMS (versions up to 9.3.2-SP1) and SonicWall Analytics (up to 2.5.0.4-R7). A connected PT-Security advisory notes the issue and recommends upgrading to fixed builds; the THN and NCSC/NV references indicate fixes exis...

CVSS 7.5, AI score 8, EPSS 0.00678
In wild
CVE
added 2023/07/13 12:47 a.m., 193 views

CVE-2023-34127

CVE-2023-34127 describes an OS Command Injection in SonicWall GMS and SonicWall Analytics. An authenticated attacker can execute arbitrary code with root privileges. Affected products/versions: SonicWall GMS 9.3.2-SP1 and earlier; SonicWall Analytics 2.5.0.4-R7 and earlier. The available descript...

CVSS 8.8, AI score 9.4, EPSS 0.86733
In wild
CVE
added 2023/07/13 2:43 a.m., 180 views

CVE-2023-34137

CVE-2023-34137 concerns an authentication bypass in SonicWall GMS and Analytics due to CAS Web Services using static credentials. Affected: GMS 9.3.2-SP1 and earlier; Analytics 2.5.0.4-R7 and earlier. Consequence: unauthorized access to data/operations via CAS authentication bypass. Mitigation: f...

CVSS 9.8, AI score 9.6, EPSS 0.00895
In wild
CVE
added 2023/07/13 2:24 a.m., 179 views

CVE-2023-34132

CVE-2023-34132 concerns SonicWall GMS and Analytics where authentication uses a password hash instead of the actual password, enabling Pass-the-Hash style attacks. Affected: GMS versions 9.3.2-SP1 and earlier; Analytics versions 2.5.0.4-R7 and earlier. The underlying issue is password-hash based ...

CVSS 9.8, AI score 9.7, EPSS 0.06549
In wild
CVE
added 2023/07/13 2:35 a.m., 178 views

CVE-2023-34134

CVE-2023-34134 affects SonicWall GMS (9.3.2-SP1 and earlier) and Analytics (2.5.0.4-R7 and earlier): an authenticated attacker could read the administrator password hash via a web service call. Root cause is exposure of sensitive information. Remediation: update to SonicWall GMS 9.3.3 and Analyti...

CVSS 6.5, AI score 7.5, EPSS 0.01172
In wild
CVE
added 2023/07/13 1:6 a.m., 177 views

CVE-2023-34130

CVE-2023-34130 affects SonicWall GMS (versions 9.3.2-SP1 and earlier) and SonicWall Analytics (versions 2.5.0.4-R7 and earlier). The root cause is use of an outdated encryption algorithm (TEA) with a hardcoded key to encrypt sensitive data, per the CVE description. The NVD metrics indicate a CRIT...

CVSS 9.8, AI score 9.3, EPSS 0.0026
In wild
CVE
added 2023/07/13 2:20 a.m., 165 views

CVE-2023-34131

The PT-2023-3806 entry confirms SonicWall GMS versions 9.3.2-SP1 and earlier and Analytics 2.5.0.4-R7 and earlier have an exposure vulnerability that allows an unauthenticated attacker to access restricted web pages due to lack of protection for service data. Remediation: upgrade to newer fixed v...

CVSS 5.3, AI score 6.1, EPSS 0.00692
In wild
CVE
added 2023/07/13 2:37 a.m., 165 views

CVE-2023-34135

Summary: CVE-2023-34135 covers a path traversal vulnerability in SonicWall GMS and Analytics. Affected products/versions: SonicWall GMS 9.3.2-SP1 and earlier; Analytics 2.5.0.4-R7 and earlier. Root cause: insufficient restriction of directory path names in the web service, enabling a ...

CVSS 6.5, AI score 6.8, EPSS 0.01173
In wild
CVE
added 2023/07/13 12:58 a.m., 162 views

CVE-2023-34128

The CVE maps to SonicWall GMS and Analytics where Tomcat credentials are hardcoded in the GMS/Analytics configuration file. Affected versions are SonicWall GMS 9.3.2-SP1 and earlier, and Analytics 2.5.0.4-R7 and earlier. Root cause: hardcoded Tomcat credentials in the configuration file, which ca...

CVSS 9.8, AI score 9.4, EPSS 0.00591
In wild
CVE
added 2023/07/13 2:40 a.m., 162 views

CVE-2023-34136

SonicWall GMS and Analytics are affected by a file-upload restriction vulnerability. Affected: GMS 9.3.2-SP1 and earlier; Analytics 2.5.0.4-R7 and earlier. Root cause: unauthenticated uploads to restricted locations due to insufficient restrictions. Impact (per sources): potential exposure of dat...

CVSS 9.8, AI score 9.3, EPSS 0.00668
In wild
CVE
added 2023/07/13 1:3 a.m., 159 views

CVE-2023-34129

CVE-2023-34129 describes a Zip Slip path traversal in SonicWall GMS and Analytics. An authenticated attacker can traverse the filesystem and write arbitrary files via the Web Service, potentially achieving root-level impact. Affected versions: SonicWall GMS 9.3.2-SP1 and earlier; Analytics 2.5.0....

CVSS 8.8, AI score 8.6, EPSS 0.42911
In wild
CVE
added 2023/07/13 12:44 a.m., 158 views

CVE-2023-34126

CVE-2023-34126 describes a vulnerability in SonicWall GMS and Analytics where an authenticated attacker can upload files to the underlying filesystem with root privileges. Root cause: insufficient restrictions on uploaded files. Affected versions are SonicWall GMS 9.3.2-SP1 and earlier, and Analy...

CVSS 8.8, AI score 8.8, EPSS 0.00629
In wild
CVE
added 2023/07/13 12:21 a.m., 150 views

CVE-2023-34125

CVE-2023-34125 describes a path traversal vulnerability in SonicWall’s Global Management System (GMS) and Analytics. An authenticated attacker could read arbitrary files from the underlying filesystem with root privileges by exploiting directory-path restrictions. Affected versions include SonicW...

CVSS 6.5, AI score 6.9, EPSS 0.22708
In wild
CVE
added 2022/07/29 9:5 p.m., 102 views

CVE-2022-22280

The CVE-2022-22280 issue is an unauthenticated SQL injection in SonicWall Analytics On-Prem (versions up to 2.5.0.3-2520) and GMS (up to 9.3.1-SP2-Hotfix1), caused by improper neutralization of special elements in SQL commands. The vulnerability can be exploited remotely over the network without ...

CVSS 9.8, AI score 9.8, EPSS 0.09261
CVE
added 2021/08/10 11:5 p.m., 65 views

CVE-2021-20032

CVE-2021-20032 affects SonicWall Analytics 2.5 On-Prem (versions 2.5.2518 and earlier). The vulnerability stems from a security misconfiguration of the Java Debug Wire Protocol (JDWP) interface, enabling potential remote code execution. Multiple sources (NVD, Red Hat, CVE listings, SonicWal...

CVSS 9.8, AI score 9.6, EPSS 0.02007