Lucene search
K
SonicwallHosted Email Security

4 matches found

CVE
CVE
added 2021/04/09 5:50 p.m.1222 views

CVE-2021-20021

CVE-2021-20021 affects SonicWall Email Security. The vulnerability enables an unauthenticated attacker to create an administrative account via a crafted HTTP request to the ES appliance, by exploiting an improperly secured admin API endpoint. This leads to privilege escalation with administrator ...

9.8CVSS9.1AI score0.83425EPSS
In wild
CVE
CVE
added 2021/04/09 5:50 p.m.1109 views

CVE-2021-20022

CVE-2021-20022 affects SonicWall Email Security versions 10.0.9.x and enables post-authenticated arbitrary file upload via the branding ZIP mechanism (Zip Slip style) to write files to the server. FireEye/Mandiant detail that lack of input validation allows an attacker to place a web shell in a w...

7.5CVSS8.1AI score0.16509EPSS
In wild
CVE
CVE
added 2021/04/20 11:55 a.m.1070 views

CVE-2021-20023

The CVE-2021-20023 entry affects SonicWall Email Security (version 10.0.9.x). Connected advisories describe a directory traversal/path traversal vulnerability that, when exploited by a post-authenticated attacker, could allow reading arbitrary files on the remote host. Evidence from advisories an...

4.9CVSS6.9AI score0.51407EPSS
In wild
CVE
CVE
added 2022/07/29 9:5 p.m.68 views

CVE-2022-2324

SonicWall Hosted Email Security (HES) is affected. Versions prior to 10.0.17.7319 contain an improperly implemented security check in the Capture ATP feature, enabling bypass of the Capture ATP security service. The issue could be exploited by an unauthenticated attacker to bypass security contro...

7.5CVSS7.5AI score0.00552EPSS