4 matches found
CVE-2021-20021
CVE-2021-20021 affects SonicWall Email Security. The vulnerability enables an unauthenticated attacker to create an administrative account via a crafted HTTP request to the ES appliance, by exploiting an improperly secured admin API endpoint. This leads to privilege escalation with administrator ...
CVE-2021-20022
CVE-2021-20022 affects SonicWall Email Security versions 10.0.9.x and enables post-authenticated arbitrary file upload via the branding ZIP mechanism (Zip Slip style) to write files to the server. FireEye/Mandiant detail that lack of input validation allows an attacker to place a web shell in a w...
CVE-2021-20023
The CVE-2021-20023 entry affects SonicWall Email Security (version 10.0.9.x). Connected advisories describe a directory traversal/path traversal vulnerability that, when exploited by a post-authenticated attacker, could allow reading arbitrary files on the remote host. Evidence from advisories an...
CVE-2022-2324
SonicWall Hosted Email Security (HES) is affected. Versions prior to 10.0.17.7319 contain an improperly implemented security check in the Capture ATP feature, enabling bypass of the Capture ATP security service. The issue could be exploited by an unauthenticated attacker to bypass security contro...