Global Management System Security Vulnerabilities and Issues — Global Management System CVE List

Lucene search

SonicwallGlobal Management System

12 matches found

CVE•added 2023/07/13 1:15 a.m.•223 views

CVE-2023-34124

The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

9.8CVSS9.6AI score0.91536EPSS

CVE•added 2019/12/31 12:15 a.m.•146 views

CVE-2019-7478

A vulnerability in GMS allow unauthenticated user to SQL injection in Webservice module. This vulnerability affected GMS versions GMS 8.4, 8.5, 8.6, 8.7, 9.0 and 9.1.

9.8CVSS9.7AI score0.0057EPSS

CVE•added 2023/07/13 3:15 a.m.•141 views

CVE-2023-34137

SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

9.8CVSS9.6AI score0.00069EPSS

CVE•added 2023/07/13 3:15 a.m.•140 views

CVE-2023-34132

Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

9.8CVSS9.7AI score0.68192EPSS

CVE•added 2023/07/13 2:15 a.m.•130 views

CVE-2023-34130

SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

9.8CVSS9.3AI score0.0011EPSS

CVE•added 2023/07/13 3:15 a.m.•128 views

CVE-2023-34136

Vulnerability in SonicWall GMS and Analytics allows unauthenticated attacker to upload files to a restricted location not controlled by the attacker. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

9.8CVSS9.3AI score0.00347EPSS

CVE•added 2023/07/13 1:15 a.m.•125 views

CVE-2023-34128

Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

9.8CVSS9.4AI score0.0021EPSS

CVE•added 2022/07/29 9:15 p.m.•88 views

CVE-2022-22280

Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions.

9.8CVSS9.8AI score0.05069EPSS

CVE•added 2018/08/03 8:29 p.m.•48 views

CVE-2018-9866

A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier.

9.8CVSS9.7AI score0.11744EPSS

CVE•added 2015/05/20 6:59 p.m.•42 views

CVE-2015-3990

The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration.

9CVSS7.4AI score0.00583EPSS

CVE•added 2014/11/25 3:59 p.m.•36 views

CVE-2014-8420

The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors.

9CVSS7.5AI score0.04076EPSS

CVE•added 2016/02/17 3:59 p.m.•33 views

CVE-2016-2396

The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input.

9.9CVSS9.2AI score0.00586EPSS