Sonicwall

Analytics

17 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2023-34137

  • EPSS 0.07%
  • Veröffentlicht 13.07.2023 03:15:09
  • Zuletzt bearbeitet 21.11.2024 08:06:37

SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earl...

9.8

CVE-2023-34136

  • EPSS 0.35%
  • Veröffentlicht 13.07.2023 03:15:09
  • Zuletzt bearbeitet 21.11.2024 08:06:37

Vulnerability in SonicWall GMS and Analytics allows unauthenticated attacker to upload files to a restricted location not controlled by the attacker. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

6.5

CVE-2023-34135

  • EPSS 0.16%
  • Veröffentlicht 13.07.2023 03:15:09
  • Zuletzt bearbeitet 21.11.2024 08:06:37

Path Traversal vulnerability in SonicWall GMS and Analytics allows a remote authenticated attacker to read arbitrary files from the underlying file system via web service. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 ...

6.5

CVE-2023-34134

  • EPSS 0.25%
  • Veröffentlicht 13.07.2023 03:15:09
  • Zuletzt bearbeitet 21.11.2024 08:06:37

Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics allows authenticated attacker to read administrator password hash via a web service call. This issue affects GMS: 9.3.2-SP1 and earlier versions; ...

7.5

CVE-2023-34133

  • EPSS 85.17%
  • Veröffentlicht 13.07.2023 03:15:09
  • Zuletzt bearbeitet 23.04.2025 17:16:33

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database. This issue affects GM...

9.8

CVE-2023-34132

  • EPSS 68.19%
  • Veröffentlicht 13.07.2023 03:15:09
  • Zuletzt bearbeitet 21.11.2024 08:06:36

Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

5.3

CVE-2023-34131

  • EPSS 0.35%
  • Veröffentlicht 13.07.2023 03:15:09
  • Zuletzt bearbeitet 21.11.2024 08:06:36

Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics enables an unauthenticated attacker to access restricted web pages. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 ...

8.8

CVE-2023-34129

  • EPSS 33.31%
  • Veröffentlicht 13.07.2023 02:15:09
  • Zuletzt bearbeitet 21.11.2024 08:06:36

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in SonicWall GMS and Analytics allows an authenticated remote attacker to traverse the directory and extract arbitrary files using Zip Slip method to any loc...

9.8

CVE-2023-34130

  • EPSS 0.11%
  • Veröffentlicht 13.07.2023 02:15:09
  • Zuletzt bearbeitet 21.11.2024 08:06:36

SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

9.8

CVE-2023-34128

  • EPSS 0.21%
  • Veröffentlicht 13.07.2023 01:15:08
  • Zuletzt bearbeitet 21.11.2024 08:06:36

Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.