Sonicwall

Global Management System

34 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2024-29011

  • EPSS 0.05%
  • Published 01.05.2024 19:15:22
  • Last modified 21.11.2024 09:07:22

Use of hard-coded password in the GMS ECM endpoint leading to authentication bypass vulnerability. This issue affects GMS: 9.3.4 and earlier versions.

7.1

CVE-2024-29010

  • EPSS 0.09%
  • Published 01.05.2024 18:15:17
  • Last modified 21.11.2024 09:07:22

The XML document processed in the GMS ECM URL endpoint is vulnerable to XML external entity (XXE) injection, potentially resulting in the disclosure of sensitive information. This issue affects GMS: 9.3.4 and earlier versions.

9.8

CVE-2023-34132

  • EPSS 68.19%
  • Published 13.07.2023 03:15:09
  • Last modified 21.11.2024 08:06:36

Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

5.3

CVE-2023-34131

  • EPSS 0.35%
  • Published 13.07.2023 03:15:09
  • Last modified 21.11.2024 08:06:36

Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics enables an unauthenticated attacker to access restricted web pages. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 ...

7.5

CVE-2023-34133

  • EPSS 85.17%
  • Published 13.07.2023 03:15:09
  • Last modified 23.04.2025 17:16:33

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database. This issue affects GM...

6.5

CVE-2023-34134

  • EPSS 0.25%
  • Published 13.07.2023 03:15:09
  • Last modified 21.11.2024 08:06:37

Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics allows authenticated attacker to read administrator password hash via a web service call. This issue affects GMS: 9.3.2-SP1 and earlier versions; ...

6.5

CVE-2023-34135

  • EPSS 0.16%
  • Published 13.07.2023 03:15:09
  • Last modified 21.11.2024 08:06:37

Path Traversal vulnerability in SonicWall GMS and Analytics allows a remote authenticated attacker to read arbitrary files from the underlying file system via web service. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 ...

9.8

CVE-2023-34136

  • EPSS 0.35%
  • Published 13.07.2023 03:15:09
  • Last modified 21.11.2024 08:06:37

Vulnerability in SonicWall GMS and Analytics allows unauthenticated attacker to upload files to a restricted location not controlled by the attacker. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

9.8

CVE-2023-34137

  • EPSS 0.07%
  • Published 13.07.2023 03:15:09
  • Last modified 21.11.2024 08:06:37

SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earl...

9.8

CVE-2023-34130

  • EPSS 0.11%
  • Published 13.07.2023 02:15:09
  • Last modified 21.11.2024 08:06:36

SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.