Sonicwall Global Management System — known CVE vulnerabilities
Every CVE whose affected-product data names Sonicwall Global Management System, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (32)
CVE-2016-2396 — CVSS 9.9 (critical): The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows…
CVE-2013-1360 — CVSS 9.8 (critical): An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0…
CVE-2023-34137 — CVSS 9.8 (critical): SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to…
CVE-2016-2397 — CVSS 9.8 (critical): The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers…
CVE-2018-9866 — CVSS 9.8 (critical): A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual…
CVE-2019-7478 — CVSS 9.8 (critical): A vulnerability in GMS allow unauthenticated user to SQL injection in Webservice module. This vulnerability affected GMS versions GMS 8.4…
CVE-2021-20020 — CVSS 9.8 (critical): A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.
CVE-2022-22280 — CVSS 9.8 (critical): Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting…
CVE-2023-34124 — CVSS 9.8 (critical): The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This…
CVE-2023-34128 — CVSS 9.8 (critical): Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and…
CVE-2023-34130 — CVSS 9.8 (critical): SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. This issue affects…
CVE-2023-34132 — CVSS 9.8 (critical): Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks. This…
CVE-2023-34136 — CVSS 9.8 (critical): Vulnerability in SonicWall GMS and Analytics allows unauthenticated attacker to upload files to a restricted location not controlled by the…
CVE-2013-1359 — CVSS 9.8 (critical): An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0…
CVE-2014-8420 — CVSS 9.0 (critical): The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and…
CVE-2015-3990 — CVSS 9.0 (critical): The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users…
CVE-2023-34129 — CVSS 8.8 (high): Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in SonicWall GMS and Analytics allows an…
CVE-2023-34126 — CVSS 8.8 (high): Vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to upload files on the underlying filesystem with root…
CVE-2023-34127 — CVSS 8.8 (high): Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall…
CVE-2019-7476 — CVSS 8.1 (high): A vulnerability in SonicWall Global Management System (GMS), allow a remote user to gain access to the appliance using existing SSH key…
CVE-2021-20030 — CVSS 7.5 (high): SonicWall GMS is vulnerable to file path manipulation resulting that an unauthenticated attacker can gain access to web directory…
CVE-2023-34123 — CVSS 7.5 (high): Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, SonicWall Analytics. This issue affects GMS: 9.3.2-SP1 and earlier…
CVE-2023-34133 — CVSS 7.5 (high): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an…
CVE-2023-34125 — CVSS 6.5 (medium): Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem…
CVE-2023-34134 — CVSS 6.5 (medium): Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics allows authenticated attacker to…
CVE-2023-34135 — CVSS 6.5 (medium): Path Traversal vulnerability in SonicWall GMS and Analytics allows a remote authenticated attacker to read arbitrary files from the…
CVE-2018-3639 — CVSS 5.5 (medium): Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior…
CVE-2018-5691 — CVSS 5.4 (medium): SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module.
CVE-2023-34131 — CVSS 5.3 (medium): Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics enables an unauthenticated attacker…
CVE-2014-0332 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL Analyzer before 7.1 SP2, and SonicWALL…
CVE-2014-5024 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in sgms/panelManager in Dell SonicWALL GMS, Analyzer, and UMA before 7.2 SP1 allows remote…
CVE-2013-7025 — CVSS 3.5 (low): Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global…