Lucene search
+L
SonicwallGlobal Management System

32 matches found

CVE
CVE
added 2018/05/22 12:0 p.m.869 views

CVE-2018-3639

CVE-2018-3639 is a speculative execution side‑channel vulnerability (SSB) that can leak memory via speculative stores. The Connected ALMA doc notes a mitigation: SSB is disabled by the new alt-java launcher, reducing impact at the cost of performance, and it references OpenJDK 8u282 as part of th...

5.5CVSS5.9AI score0.60631EPSS
In wild
CVE
CVE
added 2023/07/13 12:14 a.m.290 views

CVE-2023-34124

CVE-2023-34124 affects SonicWall Global Management System (GMS) and Analytics Web Services. The root cause is insufficient authentication checks that allow bypass, impacting GMS versions up to 9.3.2-SP1 and Analytics up to 2.5.0.4-R7 and earlier. The issue enables unauthorized access; multiple co...

9.8CVSS9.6AI score0.44715EPSS
In wild
CVE
CVE
added 2023/07/13 2:28 a.m.218 views

CVE-2023-34133

CVE-2023-34133 is an SQL Injection affecting SonicWall GMS and Analytics (GMS 9.3.2-SP1 and earlier; Analytics 2.5.0.4-R7 and earlier). An unauthenticated attacker can extract data from the application database. Public materials reference SQLi in SonicWall GMS/Analytics and mention updated fixes;...

7.5CVSS8.7AI score0.72203EPSS
In wild
CVE
CVE
added 2023/07/12 11:16 p.m.198 views

CVE-2023-34123

CVE-2023-34123 describes a hard-coded cryptographic key vulnerability in SonicWall GMS (versions up to 9.3.2-SP1) and SonicWall Analytics (up to 2.5.0.4-R7). Connected PT-Security advisory notes the issue and recommends upgrading to fixed builds; The THN and NCSC/NV references indicate fixes exis...

7.5CVSS8AI score0.0081EPSS
In wild
CVE
CVE
added 2023/07/13 12:47 a.m.197 views

CVE-2023-34127

CVE-2023-34127 describes an OS Command Injection in SonicWall GMS and SonicWall Analytics. An authenticated attacker can execute arbitrary code with root privileges. Affected products/versions: SonicWall GMS 9.3.2-SP1 and earlier; SonicWall Analytics 2.5.0.4-R7 and earlier. The available descript...

8.8CVSS9.4AI score0.86469EPSS
In wild
CVE
CVE
added 2023/07/13 2:43 a.m.181 views

CVE-2023-34137

CVE-2023-34137 concerns an authentication bypass in SonicWall GMS and Analytics due to CAS Web Services using static credentials. Affected: GMS 9.3.2-SP1 and earlier; Analytics 2.5.0.4-R7 and earlier. Consequence: unauthorized access to data/operations via CAS authentication bypass. Mitigation: f...

9.8CVSS9.6AI score0.0101EPSS
In wild
CVE
CVE
added 2023/07/13 2:24 a.m.180 views

CVE-2023-34132

CVE-2023-34132 concerns SonicWall GMS and Analytics where authentication uses a password hash instead of the actual password, enabling Pass-the-Hash style attacks. Affected: GMS versions 9.3.2-SP1 and earlier; Analytics versions 2.5.0.4-R7 and earlier. The underlying issue is password-hash based ...

9.8CVSS9.7AI score0.0768EPSS
In wild
CVE
CVE
added 2023/07/13 2:35 a.m.180 views

CVE-2023-34134

CVE-2023-34134 affects SonicWall GMS (9.3.2-SP1 and earlier) and Analytics (2.5.0.4-R7 and earlier): an authenticated attacker could read the administrator password hash via a web service call. Root cause is exposure of sensitive information. Remediation: update to SonicWall GMS 9.3.3 and Analyti...

6.5CVSS7.5AI score0.01119EPSS
In wild
CVE
CVE
added 2023/07/13 1:6 a.m.179 views

CVE-2023-34130

CVE-2023-34130 affects SonicWall GMS (versions 9.3.2-SP1 and earlier) and SonicWall Analytics (versions 2.5.0.4-R7 and earlier). The root cause is use of an outdated encryption algorithm (TEA) with a hardcoded key to encrypt sensitive data, per the CVE description. The NVD metrics indicate a CRIT...

9.8CVSS9.3AI score0.00311EPSS
In wild
CVE
CVE
added 2023/07/13 2:37 a.m.169 views

CVE-2023-34135

Summary: CVE-2023-34135 covers a path traversal vulnerability in SonicWall GMS and Analytics. Affected products/versions: SonicWall GMS up to 9.3.2-SP1 and earlier; Analytics up to 2.5.0.4-R7 and earlier. Root cause: insufficient restriction of directory path names in the web service, enabling a ...

6.5CVSS6.8AI score0.0157EPSS
In wild
CVE
CVE
added 2019/12/30 11:50 p.m.166 views

CVE-2019-7478

SonicWall Global Management System (GMS) Webservice module is affected by CVE-2019-7478: unauthenticated SQL injection in GMS Webservice, affecting GMS versions 8.4, 8.5, 8.6, 8.7, 9.0 and 9.1. Root cause is lack of input validation/execution of externally entered SQL statements in the Webservice...

9.8CVSS9.7AI score0.01113EPSS
CVE
CVE
added 2023/07/13 2:20 a.m.166 views

CVE-2023-34131

The PT-2023-3806 entry confirms SonicWall GMS versions 9.3.2-SP1 and earlier and Analytics 2.5.0.4-R7 and earlier have an exposure vulnerability that allows an unauthenticated attacker to access restricted web pages due to lack of protection for service data. Remediation: upgrade to newer fixed v...

5.3CVSS6.1AI score0.00828EPSS
In wild
CVE
CVE
added 2023/07/13 12:58 a.m.164 views

CVE-2023-34128

The CVE maps to SonicWall GMS and Analytics where Tomcat credentials are hardcoded in the GMS/Analytics configuration file. Affected versions are SonicWall GMS 9.3.2-SP1 and earlier, and Analytics 2.5.0.4-R7 and earlier. Root cause: hardcoded Tomcat credentials in the configuration file, which ca...

9.8CVSS9.4AI score0.00707EPSS
In wild
CVE
CVE
added 2023/07/13 2:40 a.m.164 views

CVE-2023-34136

SonicWall GMS and Analytics are affected by a file-upload restriction vulnerability. Affected: GMS 9.3.2-SP1 and earlier; Analytics 2.5.0.4-R7 and earlier. Root cause: unauthenticated uploads to restricted locations due to insufficient restrictions. Impact (per sources): potential exposure of dat...

9.8CVSS9.3AI score0.00798EPSS
In wild
CVE
CVE
added 2023/07/13 1:3 a.m.161 views

CVE-2023-34129

CVE-2023-34129 describes a Zip Slip path traversal in SonicWall GMS and Analytics. An authenticated attacker can traverse the filesystem and write arbitrary files via the Web Service, potentially achieving root-level impact. Affected versions: SonicWall GMS 9.3.2-SP1 and earlier; Analytics 2.5.0....

8.8CVSS8.6AI score0.41155EPSS
In wild
CVE
CVE
added 2023/07/13 12:44 a.m.159 views

CVE-2023-34126

CVE-2023-34126 describes a vulnerability in SonicWall GMS and Analytics where an authenticated attacker can upload files to the underlying filesystem with root privileges. Root cause: insufficient restrictions on uploaded files. Affected versions are SonicWall GMS 9.3.2-SP1 and earlier, and Analy...

8.8CVSS8.8AI score0.00759EPSS
In wild
CVE
CVE
added 2023/07/13 12:21 a.m.153 views

CVE-2023-34125

CVE-2023-34125 describes a path traversal vulnerability in SonicWall’s Global Management System (GMS) and Analytics. An authenticated attacker could read arbitrary files from the underlying filesystem with root privileges by exploiting directory-path restrictions. Affected versions include SonicW...

6.5CVSS6.9AI score0.25374EPSS
In wild
CVE
CVE
added 2022/07/29 9:5 p.m.105 views

CVE-2022-22280

The CVE-2022-22280 issue is an unauthenticated SQL injection in SonicWall Analytics On-Prem (versions up to 2.5.0.3-2520) and GMS (up to 9.3.1-SP2-Hotfix1), caused by improper neutralization of special elements in SQL commands. The vulnerability can be exploited remotely over the network without ...

9.8CVSS9.8AI score0.09261EPSS
CVE
CVE
added 2021/04/10 6:50 a.m.86 views

CVE-2021-20020

CVE-2021-20020 affects SonicWall Global Management System (GMS) 9.3 . The vulnerability is described as a remote, unauthenticated command execution that leads to local privilege escalation to root on the appliance. Connected sources corroborate a high-severity, network-exposed issue with root-lev...

10CVSS9.7AI score0.0373EPSS
CVE
CVE
added 2020/02/11 4:42 p.m.75 views

CVE-2013-1359

CPU : CVE-2013-1359 describes an authentication bypass in Dell SonicWALL products (Analyzer, GMS, UMA, ViewPoint) where the skipSessionCheck parameter to the UMA interface (/appliance/) can be set to 1 to bypass login and access root. Affected products include SonicWALL ViewPoint, Analyzer, GMS (...

10CVSS9.1AI score0.89402EPSS
Web
CVE
CVE
added 2014/02/14 4:0 p.m.73 views

CVE-2014-0332

Affected software : Dell SonicWALL GMS, SonicWALL Analyzer, and SonicWALL UMA E5000 (all before 7.1 SP2). Vulnerability : Cross-site scripting (XSS) in mainPage via the node_id parameter of ScreenDisplayManager genNetwork action (input not properly sanitized). Impact : Remote attackers can inject...

4.3CVSS5.8AI score0.02761EPSS
Web
CVE
CVE
added 2018/08/03 8:0 p.m.65 views

CVE-2018-9866

SonicWall GMS (Global Management System) virtual appliances with version 8.1 and earlier are affected by CVE-2018-9866 due to lack of validation of user-supplied parameters passed to XML-RPC calls. This allows a remote attacker to execute arbitrary code on the vulnerable system. The issue affects...

9.8CVSS9.7AI score0.04504EPSS
In wild
CVE
CVE
added 2015/05/20 6:0 p.m.62 views

CVE-2015-3990

CVE-2015-3990 affects the Dell SonicWall GMS suite (GMS ViewPoint web app) on GMS, Analyzer, and UMA EM5000 prior to 7.2 SP4. Affected component: GMSVP web application; vulnerability enables remote authenticated users to execute arbitrary commands via configuration-related input handling. Root ca...

9CVSS7.4AI score0.02723EPSS
CVE
CVE
added 2022/10/13 12:0 a.m.62 views

CVE-2021-20030

CVE-2021-20030 affects SonicWall Global Management System (GMS). The connected sources describe a file path manipulation vulnerability that allows an unauthenticated attacker to access the web directory containing the application's binaries and configuration files. The CVE is documented across mu...

7.5CVSS7.7AI score0.00785EPSS
CVE
CVE
added 2019/04/26 8:25 p.m.59 views

CVE-2019-7476

SonicWall Global Management System (GMS) is affected by CVE-2019-7476, allowing a remote attacker to gain access to the appliance by using an existing SSH key. Affected versions include GMS 9.1, 9.0, 8.7, 8.6, 8.4, 8.3 and earlier. The connected documents do not provide detailed root-cause analys...

8.1CVSS8AI score0.01363EPSS
CVE
CVE
added 2020/02/11 3:44 p.m.57 views

CVE-2013-1360

This CVE affects DELL SonicWALL GMS, Analyzer, UMA, and ViewPoint products. A crafted request to the SGMS interface (/sgms/) allows an unauthenticated remote attacker to bypass authentication and gain full administrative access to the web interface, potentially compromising all managed appliances...

10CVSS9AI score0.23211EPSS
Web
CVE
CVE
added 2018/01/14 4:0 a.m.56 views

CVE-2018-5691

The CVE-2018-5691 entry concerns Dell SonicWall Global Management System (GMS) v8.1. Affected component: the /sgms/TreeControl module; vulnerability type: Cross-Site Scripting (XSS) via the values of newName and Name. Root cause is an input handling flaw that allows malicious script injection thr...

5.4CVSS5.2AI score0.00708EPSS
Web
CVE
CVE
added 2014/07/24 2:0 p.m.53 views

CVE-2014-5024

CVE-2014-5024 is a cross-site scripting (XSS) vulnerability in Dell SonicWALL GMS, Analyzer, and UMA, affecting the sgms/panelManager component. The issue allows remote attackers to inject arbitrary web script or HTML via the node_id parameter. The vulnerability is described in several connected ...

4.3CVSS5.9AI score0.01627EPSS
Web
CVE
CVE
added 2014/11/25 3:0 p.m.49 views

CVE-2014-8420

CVE-2014-8420 affects Dell SonicWALL GMS suite: ViewPoint web application in GMS, SonicWALL Analyzer, and SonicWALL UMA up to version 7.2 SP2. The vulnerability is a remote code execution flaw in the ViewPoint component, arising from insufficient input/config handling, allowing a remote authentic...

9CVSS7.5AI score0.23987EPSS
CVE
CVE
added 2016/02/17 3:0 p.m.49 views

CVE-2016-2397

The CVE-2016-2397 entry concerns the cliserver component in Dell SonicWALL GMS, Analyzer, and UMA EM5000 (versions 7.2, 8.0, 8.1 prior to Hotfix 168056). The vulnerability allows remote attackers to deserialize XML data and execute arbitrary Java code on affected systems. The underlying issue is ...

10CVSS9.6AI score0.06437EPSS
CVE
CVE
added 2013/12/09 11:0 a.m.48 views

CVE-2013-7025

CVE-2013-7025 describes multiple XSS vulnerabilities in ematStaticAlertTypes.jsp within the Alert Settings area of Dell SonicWALL Global Management System (GMS), SonicWALL Analyzer, and UMA EM5000 7.1 SP1 prior to Hotfix 134235. The underlying issue is reflected/stored XSS via the parameters valf...

3.5CVSS5.5AI score0.04337EPSS
Web
CVE
CVE
added 2016/02/17 3:0 p.m.45 views

CVE-2016-2396

CVE-2016-2396 affects Dell SonicWALL GMS ViewPoint (GMSVP) web app used by Dell SonicWALL GMS/Analyzer/UMA EM5000 versions 7.2, 8.0, 8.1 prior to Hotfix 168056. Affected component is the GMSVP web interface where input in configuration fields is not safely sanitized, allowing a remote authenticat...

9.9CVSS9.2AI score0.04746EPSS