
Sonicwall Global Management System vulnerabilities

31 known vulnerabilities affecting sonicwall/global_management_system.

Total CVEs: 31
CISA KEV: 0
Public exploits: 8
Exploited in wild: 3
Severity breakdown: CRITICAL 16, HIGH 7, MEDIUM 7, LOW 1

Vulnerabilities

Page 2 of 2
CVE-2021-20030 | P3 | HIGH | CVSS 7.5 | fixed in 9.3.2 | 2022-10-13
CWE-22: SonicWall GMS is vulnerable to file path manipulation, allowing an unauthenticated attacker to gain access to the web directory containing the application's binaries and configuration files.
Source: NVD
CVE-2019-7476 | P3 | HIGH | CVSS 8.1 | ≤ 8.3, v8.4, +5 more | 2019-04-26
CWE-284: A vulnerability in SonicWall Global Management System (GMS) allows a remote user to gain access to the appliance using an existing SSH key. This vulnerability affects GMS versions 9.1, 9.0, 8.7, 8.6, 8.4, 8.3 and earlier.
Source: NVD
CVE-2023-34130 | P3 | CRITICAL | CVSS 9.8 | fixed in 9.3.2 | v9.3.2 | 2023-07-13
CWE-327: SonicWall GMS and Analytics use the outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
Source: NVD
CVE-2023-34123 | P3 | HIGH | CVSS 7.5 | fixed in 9.3.2 | v9.3.2 | 2023-07-13
CWE-321: Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, SonicWall Analytics. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
Source: NVD
CVE-2023-34135 | P3 | MEDIUM | CVSS 6.5 | fixed in 9.3.2 | v9.3.2 | 2023-07-13
CWE-36: Path Traversal vulnerability in SonicWall GMS and Analytics allows a remote authenticated attacker to read arbitrary files from the underlying file system via a web service. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
Source: NVD
CVE-2013-7025 | P4 | LOW | CVSS 3.5 | PoC | v7.0, v7.1 | 2013-12-09
CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.j
Source: NVD
CVE-2023-34134 | P3 | MEDIUM | CVSS 6.5 | fixed in 9.3.2 | v9.3.2 | 2023-07-13
CWE-200: Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to read the administrator password hash via a web service call. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
Source: NVD
CVE-2023-34131 | P4 | MEDIUM | CVSS 5.3 | fixed in 9.3.2 | v9.3.2 | 2023-07-13
CWE-200: Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics enables an unauthenticated attacker to access restricted web pages. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
Source: NVD
CVE-2018-5691 | P4 | MEDIUM | CVSS 5.4 | ≥ 7.0, ≤ 7.2 | ≥ 8.1, ≤ 8.4 | 2018-01-14
CWE-79: SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module.
Source: NVD
CVE-2014-0332 | P4 | MEDIUM | CVSS 4.3 | v7.0, v7.1 | 2014-02-14
CWE-79: Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL Analyzer before 7.1 SP2, and SonicWALL UMA E5000 before 7.1 SP2 might allow remote attackers to inject arbitrary web script or HTML via the node_id parameter in a ScreenDisplayManager genNetwork action.
Source: NVD
CVE-2014-5024 | P4 | MEDIUM | CVSS 4.3 | ≤ 7.2 | 2014-07-24
CWE-79: Cross-site scripting (XSS) vulnerability in sgms/panelManager in Dell SonicWALL GMS, Analyzer, and UMA before 7.2 SP1 allows remote attackers to inject arbitrary web script or HTML via the node_id parameter.
Source: NVD