Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
SonicwallGlobal Management System9.3.2

15 matches found

CVE
CVEadded 2023/07/13 1:15 a.m.217 views

CVE-2023-34124

The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

9.8CVSS9.6AI score0.91536EPSS
CVE
CVEadded 2023/07/13 3:15 a.m.153 views

CVE-2023-34133

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5...

7.5CVSS8.7AI score0.85346EPSS
CVE
CVEadded 2023/07/13 12:15 a.m.152 views

CVE-2023-34123

Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, SonicWall Analytics. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

7.5CVSS8AI score0.00099EPSS
CVE
CVEadded 2023/07/13 1:15 a.m.140 views

CVE-2023-34127

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4...

8.8CVSS9.4AI score0.90479EPSS
CVE
CVEadded 2023/07/13 3:15 a.m.134 views

CVE-2023-34132

Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

9.8CVSS9.7AI score0.68192EPSS
CVE
CVEadded 2023/07/13 3:15 a.m.134 views

CVE-2023-34134

Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics allows authenticated attacker to read administrator password hash via a web service call. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

6.5CVSS7.5AI score0.00248EPSS
CVE
CVEadded 2023/07/13 3:15 a.m.134 views

CVE-2023-34137

SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

9.8CVSS9.6AI score0.00069EPSS
CVE
CVEadded 2023/07/13 2:15 a.m.124 views

CVE-2023-34130

SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

9.8CVSS9.3AI score0.0011EPSS
CVE
CVEadded 2023/07/13 3:15 a.m.124 views

CVE-2023-34135

Path Traversal vulnerability in SonicWall GMS and Analytics allows a remote authenticated attacker to read arbitrary files from the underlying file system via web service. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

6.5CVSS6.8AI score0.00162EPSS
CVE
CVEadded 2023/07/13 3:15 a.m.122 views

CVE-2023-34136

Vulnerability in SonicWall GMS and Analytics allows unauthenticated attacker to upload files to a restricted location not controlled by the attacker. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

9.8CVSS9.3AI score0.00347EPSS
CVE
CVEadded 2023/07/13 3:15 a.m.121 views

CVE-2023-34131

Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics enables an unauthenticated attacker to access restricted web pages. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

5.3CVSS6.1AI score0.00349EPSS
CVE
CVEadded 2023/07/13 1:15 a.m.118 views

CVE-2023-34128

Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

9.8CVSS9.4AI score0.0021EPSS
CVE
CVEadded 2023/07/13 2:15 a.m.118 views

CVE-2023-34129

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in SonicWall GMS and Analytics allows an authenticated remote attacker to traverse the directory and extract arbitrary files using Zip Slip method to any location on the underlying filesystem with root priv...

8.8CVSS8.6AI score0.33308EPSS
CVE
CVEadded 2023/07/13 1:15 a.m.117 views

CVE-2023-34126

Vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to upload files on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

8.8CVSS8.8AI score0.00287EPSS
CVE
CVEadded 2023/07/13 1:15 a.m.108 views

CVE-2023-34125

Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

6.5CVSS6.9AI score0.10187EPSS