Global Management System@* Security Vulnerabilities and Issues — Global Management System@* CVE List

Lucene search

SonicwallGlobal Management System*

25 matches found

CVE•added 2023/07/13 1:15 a.m.•217 views

CVE-2023-34124

The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

9.8CVSS9.6AI score0.91536EPSS

CVE•added 2023/07/13 3:15 a.m.•153 views

CVE-2023-34133

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5...

7.5CVSS8.7AI score0.85346EPSS

CVE•added 2023/07/13 12:15 a.m.•152 views

CVE-2023-34123

Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, SonicWall Analytics. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

7.5CVSS8AI score0.00099EPSS

CVE•added 2023/07/13 1:15 a.m.•140 views

CVE-2023-34127

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4...

8.8CVSS9.4AI score0.90479EPSS

CVE•added 2023/07/13 3:15 a.m.•134 views

CVE-2023-34132

Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

9.8CVSS9.7AI score0.68192EPSS

CVE•added 2023/07/13 3:15 a.m.•134 views

CVE-2023-34134

Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics allows authenticated attacker to read administrator password hash via a web service call. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

6.5CVSS7.5AI score0.00248EPSS

CVE•added 2023/07/13 3:15 a.m.•134 views

CVE-2023-34137

SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

9.8CVSS9.6AI score0.00069EPSS

CVE•added 2023/07/13 2:15 a.m.•124 views

CVE-2023-34130

SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

9.8CVSS9.3AI score0.0011EPSS

CVE•added 2023/07/13 3:15 a.m.•124 views

CVE-2023-34135

Path Traversal vulnerability in SonicWall GMS and Analytics allows a remote authenticated attacker to read arbitrary files from the underlying file system via web service. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

6.5CVSS6.8AI score0.00162EPSS

CVE•added 2023/07/13 3:15 a.m.•122 views

CVE-2023-34136

Vulnerability in SonicWall GMS and Analytics allows unauthenticated attacker to upload files to a restricted location not controlled by the attacker. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

9.8CVSS9.3AI score0.00347EPSS

CVE•added 2023/07/13 3:15 a.m.•121 views

CVE-2023-34131

Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics enables an unauthenticated attacker to access restricted web pages. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

5.3CVSS6.1AI score0.00349EPSS

CVE•added 2023/07/13 1:15 a.m.•118 views

CVE-2023-34128

Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

9.8CVSS9.4AI score0.0021EPSS

CVE•added 2023/07/13 2:15 a.m.•118 views

CVE-2023-34129

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in SonicWall GMS and Analytics allows an authenticated remote attacker to traverse the directory and extract arbitrary files using Zip Slip method to any location on the underlying filesystem with root priv...

8.8CVSS8.6AI score0.33308EPSS

CVE•added 2023/07/13 1:15 a.m.•117 views

CVE-2023-34126

Vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to upload files on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

8.8CVSS8.8AI score0.00287EPSS

CVE•added 2023/07/13 1:15 a.m.•108 views

CVE-2023-34125

Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

6.5CVSS6.9AI score0.10187EPSS

CVE•added 2022/07/29 9:15 p.m.•88 views

CVE-2022-22280

Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions.

9.8CVSS9.8AI score0.05069EPSS

CVE•added 2021/04/10 7:15 a.m.•74 views

CVE-2021-20020

A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.

10CVSS9.7AI score0.02384EPSS

CVE•added 2018/08/03 8:29 p.m.•48 views

CVE-2018-9866

A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier.

9.8CVSS9.7AI score0.11744EPSS

CVE•added 2019/04/26 9:29 p.m.•46 views

CVE-2019-7476

A vulnerability in SonicWall Global Management System (GMS), allow a remote user to gain access to the appliance using existing SSH key. This vulnerability affects GMS versions 9.1, 9.0, 8.7, 8.6, 8.4, 8.3 and earlier.

8.1CVSS8AI score0.00447EPSS

CVE•added 2022/10/13 11:15 a.m.•46 views

CVE-2021-20030

SonicWall GMS is vulnerable to file path manipulation resulting that an unauthenticated attacker can gain access to web directory containing application's binaries and configuration files.

7.5CVSS7.7AI score0.00581EPSS

CVE•added 2015/05/20 6:59 p.m.•42 views

CVE-2015-3990

The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration.

9CVSS7.4AI score0.00583EPSS

CVE•added 2018/01/14 4:29 a.m.•40 views

CVE-2018-5691

SonicWall Global Management System (GMS) 8.1 has XSS via the newName and Name values of the /sgms/TreeControl module.

5.4CVSS5.2AI score0.00359EPSS

CVE•added 2014/07/24 2:55 p.m.•38 views

CVE-2014-5024

Cross-site scripting (XSS) vulnerability in sgms/panelManager in Dell SonicWALL GMS, Analyzer, and UMA before 7.2 SP1 allows remote attackers to inject arbitrary web script or HTML via the node_id parameter.

4.3CVSS5.9AI score0.01364EPSS

CVE•added 2024/05/01 6:15 p.m.•38 views

CVE-2024-29010

The XML document processed in the GMS ECM URL endpoint is vulnerable to XML external entity (XXE) injection, potentially resulting in the disclosure of sensitive information. This issue affects GMS: 9.3.4 and earlier versions.

7.1CVSS6.8AI score0.00064EPSS

CVE•added 2024/05/01 7:15 p.m.•38 views

CVE-2024-29011

Use of hard-coded password in the GMS ECM endpoint leading to authentication bypass vulnerability. This issue affects GMS: 9.3.4 and earlier versions.

7.5CVSS7.8AI score0.00035EPSS