CVE-2022-22280 — CVSS 9.8 (critical): Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting…
CVE-2023-34124 — CVSS 9.8 (critical): The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This…
CVE-2023-34128 — CVSS 9.8 (critical): Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and…
CVE-2023-34130 — CVSS 9.8 (critical): SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. This issue affects…
CVE-2023-34132 — CVSS 9.8 (critical): Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks. This…
CVE-2023-34136 — CVSS 9.8 (critical): Vulnerability in SonicWall GMS and Analytics allows unauthenticated attacker to upload files to a restricted location not controlled by the…
CVE-2023-34137 — CVSS 9.8 (critical): SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to…
CVE-2023-34129 — CVSS 8.8 (high): Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in SonicWall GMS and Analytics allows an…
CVE-2023-34126 — CVSS 8.8 (high): Vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to upload files on the underlying filesystem with root…
CVE-2023-34127 — CVSS 8.8 (high): Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall…
CVE-2023-34133 — CVSS 7.5 (high): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an…
CVE-2023-34123 — CVSS 7.5 (high): Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, SonicWall Analytics. This issue affects GMS: 9.3.2-SP1 and earlier…
CVE-2023-34125 — CVSS 6.5 (medium): Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem…
CVE-2023-34135 — CVSS 6.5 (medium): Path Traversal vulnerability in SonicWall GMS and Analytics allows a remote authenticated attacker to read arbitrary files from the…
CVE-2023-34134 — CVSS 6.5 (medium): Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics allows authenticated attacker to…
CVE-2023-34131 — CVSS 5.3 (medium): Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics enables an unauthenticated attacker…