Skip to main content

Global Management System

29 CVEs product

Monthly

CVE-2023-34137 CRITICAL Act Now

SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability.3.2-SP1 and earlier versions;. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sonicwall Analytics Global Management System
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-34136 CRITICAL Act Now

Vulnerability in SonicWall GMS and Analytics allows unauthenticated attacker to upload files to a restricted location not controlled by the attacker.3.2-SP1 and earlier versions; Analytics:. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Sonicwall Analytics Global Management System
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-34135 MEDIUM This Month

Path Traversal vulnerability in SonicWall GMS and Analytics allows a remote authenticated attacker to read arbitrary files from the underlying file system via web service.3.2-SP1 and earlier. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Sonicwall Analytics Global Management System
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2023-34134 MEDIUM This Month

Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics allows authenticated attacker to read administrator password hash via a web service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sonicwall Analytics Global Management System
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-34133 HIGH POC THREAT Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Sonicwall Analytics Global Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
76.5%
CVE-2023-34132 CRITICAL POC Emergency

Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sonicwall Analytics Global Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
7.4%
CVE-2023-34131 MEDIUM This Month

Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics enables an unauthenticated attacker to access restricted web pages.3.2-SP1 and earlier. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sonicwall Analytics Global Management System
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-34130 CRITICAL Act Now

SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sonicwall Analytics Global Management System
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-34129 HIGH This Week

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in SonicWall GMS and Analytics allows an authenticated remote attacker to traverse the directory and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Sonicwall Analytics Global Management System
NVD
CVSS 3.1
8.8
EPSS
40.9%
CVE-2023-34128 CRITICAL Act Now

Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Information Disclosure Sonicwall Analytics Global Management System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-34127 HIGH POC THREAT Act Now

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Sonicwall Analytics Global Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
86.3%
CVE-2023-34126 HIGH This Week

Vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to upload files on the underlying filesystem with root privileges.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Sonicwall Analytics Global Management System
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-34125 MEDIUM This Month

Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges.3.2-SP1 and earlier versions; Analytics:. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Analytics Global Management System
NVD
CVSS 3.1
6.5
EPSS
25.2%
CVE-2023-34124 CRITICAL POC THREAT Emergency

The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Sonicwall Analytics Global Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
43.7%
CVE-2023-34123 HIGH This Week

Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, SonicWall Analytics.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sonicwall Global Management System Analytics
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-22280 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Sonicwall SQLi Analytics Global Management System
NVD
CVSS 3.1
9.8
EPSS
9.3%
CVE-2021-20020 CRITICAL Act Now

A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Sonicwall Authentication Bypass Global Management System
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2019-7478 CRITICAL Act Now

A vulnerability in GMS allow unauthenticated user to SQL injection in Webservice module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Global Management System
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-7476 HIGH This Week

A vulnerability in SonicWall Global Management System (GMS), allow a remote user to gain access to the appliance using existing SSH key. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Sonicwall Global Management System
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2018-9866 CRITICAL POC Act Now

A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Sonicwall RCE Command Injection Global Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
4.5%
CVE-2018-3639 MEDIUM POC PATCH THREAT This Month

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 46.0%.

Authentication Bypass Atom C Atom E Atom X5 E3930 Atom X5 E3940 +278
NVD Exploit-DB VulDB
CVSS 3.1
5.5
EPSS
46.0%
Threat
4.0
CVE-2018-5691 MEDIUM POC This Month

SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Sonicwall XSS Analyzer Global Management System
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2016-2397 CRITICAL Act Now

The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Command Injection Sonicwall Dell Uma Em5000 Firmware +2
NVD
CVSS 3.0
9.8
EPSS
5.0%
CVE-2016-2396 CRITICAL Act Now

The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sonicwall Dell Analyzer Global Management System +1
NVD
CVSS 3.0
9.9
EPSS
0.6%
CVE-2015-3990 CRITICAL Act Now

The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sonicwall Information Disclosure Dell Uma Em5000 Firmware Analyzer +1
NVD
CVSS 2.0
9.0
EPSS
0.6%
CVE-2014-8420 CRITICAL POC THREAT Emergency

The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 73.8%.

Sonicwall RCE Dell Analyzer Global Management System +1
NVD
CVSS 2.0
9.0
EPSS
73.8%
Threat
5.5
CVE-2014-5024 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in sgms/panelManager in Dell SonicWALL GMS, Analyzer, and UMA before 7.2 SP1 allows remote attackers to inject arbitrary web script or HTML via the node_id. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Sonicwall Dell Analyzer Global Management System +1
NVD
CVSS 2.0
4.3
EPSS
1.4%
CVE-2014-0332 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL Analyzer before 7.1 SP2, and SonicWALL UMA E5000 before 7.1 SP2 might allow remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Dell Sonicwall XSS Global Management System Analyzer
NVD
CVSS 2.0
4.3
EPSS
1.8%
CVE-2013-7025 LOW POC Monitor

Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Dell Sonicwall XSS Analyzer Global Management System +1
NVD Exploit-DB
CVSS 2.0
3.5
EPSS
3.1%
EPSS 1% CVSS 9.8
CRITICAL Act Now

SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability.3.2-SP1 and earlier versions;. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sonicwall Analytics +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Vulnerability in SonicWall GMS and Analytics allows unauthenticated attacker to upload files to a restricted location not controlled by the attacker.3.2-SP1 and earlier versions; Analytics:. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Sonicwall Analytics +1
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Path Traversal vulnerability in SonicWall GMS and Analytics allows a remote authenticated attacker to read arbitrary files from the underlying file system via web service.3.2-SP1 and earlier. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Sonicwall Analytics +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics allows authenticated attacker to read administrator password hash via a web service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sonicwall Analytics +1
NVD
EPSS 76% CVSS 7.5
HIGH POC THREAT Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Sonicwall Analytics +1
NVD GitHub
EPSS 7% CVSS 9.8
CRITICAL POC Emergency

Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sonicwall Analytics +1
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics enables an unauthenticated attacker to access restricted web pages.3.2-SP1 and earlier. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sonicwall Analytics +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sonicwall Analytics +1
NVD
EPSS 41% CVSS 8.8
HIGH This Week

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in SonicWall GMS and Analytics allows an authenticated remote attacker to traverse the directory and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Sonicwall Analytics +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Information Disclosure Sonicwall +2
NVD
EPSS 86% CVSS 8.8
HIGH POC THREAT Act Now

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Sonicwall +2
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to upload files on the underlying filesystem with root privileges.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Sonicwall Analytics +1
NVD
EPSS 25% CVSS 6.5
MEDIUM This Month

Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges.3.2-SP1 and earlier versions; Analytics:. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Analytics Global Management System
NVD
EPSS 44% CVSS 9.8
CRITICAL POC THREAT Emergency

The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Sonicwall Analytics +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, SonicWall Analytics.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sonicwall Global Management System +1
NVD
EPSS 9% CVSS 9.8
CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Sonicwall SQLi Analytics +1
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Sonicwall Authentication Bypass Global Management System
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability in GMS allow unauthenticated user to SQL injection in Webservice module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Global Management System
NVD
EPSS 1% CVSS 8.1
HIGH This Week

A vulnerability in SonicWall Global Management System (GMS), allow a remote user to gain access to the appliance using existing SSH key. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Sonicwall Global Management System
NVD
EPSS 5% CVSS 9.8
CRITICAL POC Act Now

A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Sonicwall RCE Command Injection +1
NVD GitHub
EPSS 46% 4.0 CVSS 5.5
MEDIUM POC PATCH THREAT This Month

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 46.0%.

Authentication Bypass Atom C Atom E +280
NVD Exploit-DB VulDB
EPSS 1% CVSS 5.4
MEDIUM POC This Month

SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Sonicwall XSS Analyzer +1
NVD
EPSS 5% CVSS 9.8
CRITICAL Act Now

The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Command Injection Sonicwall +4
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sonicwall Dell +3
NVD
EPSS 1% CVSS 9.0
CRITICAL Act Now

The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sonicwall Information Disclosure Dell +3
NVD
EPSS 74% 5.5 CVSS 9.0
CRITICAL POC THREAT Emergency

The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 73.8%.

Sonicwall RCE Dell +3
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in sgms/panelManager in Dell SonicWALL GMS, Analyzer, and UMA before 7.2 SP1 allows remote attackers to inject arbitrary web script or HTML via the node_id. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Sonicwall Dell +3
NVD
EPSS 2% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL Analyzer before 7.1 SP2, and SonicWALL UMA E5000 before 7.1 SP2 might allow remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Dell Sonicwall XSS +2
NVD
EPSS 3% CVSS 3.5
LOW POC Monitor

Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Dell Sonicwall XSS +3
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy