Lucene search

K

5 matches found

CVE
CVE
added 2021/08/04 7:15 p.m.982 views

CVE-2021-20028

Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier

9.8CVSS9.8AI score0.86703EPSS
CVE
CVE
added 2021/09/27 6:15 p.m.136 views

CVE-2021-20035

Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS.

6.8CVSS6.4AI score0.16762EPSS
CVE
CVE
added 2021/09/27 6:15 p.m.117 views

CVE-2021-20034

An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.

9.1CVSS9.2AI score0.07211EPSS
CVE
CVE
added 2021/12/23 2:15 a.m.48 views

CVE-2021-20049

A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions.

7.5CVSS7.6AI score0.00453EPSS
CVE
CVE
added 2021/12/23 2:15 a.m.47 views

CVE-2021-20050

An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data.

7.5CVSS7.9AI score0.00217EPSS