Home/Product/sonicwall global management system
Product

sonicwall global management system

32 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2023-34137
< 9.3.2
SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to aut
9.8CRITICAL
 CVE-2023-34136
< 9.3.2
Vulnerability in SonicWall GMS and Analytics allows unauthenticated attacker to upload files to a restricted location not controll
9.8CRITICAL
 CVE-2023-34135
< 9.3.2
Path Traversal vulnerability in SonicWall GMS and Analytics allows a remote authenticated attacker to read arbitrary files from th
6.5MEDIUM
 CVE-2023-34134
< 9.3.2
Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics allows authenticated attac
6.5MEDIUM
 CVE-2023-34133
< 9.3.2
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics
7.5HIGH
 CVE-2023-34132
< 9.3.2
Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash atta
9.8CRITICAL
 CVE-2023-34131
< 9.3.2
Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics enables an unauthenticated
5.3MEDIUM
 CVE-2023-34130
< 9.3.2
SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. This issu
9.8CRITICAL
 CVE-2023-34129
< 9.3.2
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in SonicWall GMS and Analytics allows
8.8HIGH
 CVE-2023-34128
< 9.3.2
Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1
9.8CRITICAL
 CVE-2023-34127
< 9.3.2
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWa
8.8HIGH
 CVE-2023-34126
< 9.3.2
Vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to upload files on the underlying filesystem with ro
8.8HIGH
 CVE-2023-34125
< 9.3.2
Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying fil
6.5MEDIUM
 CVE-2023-34124
< 9.3.2
The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass.
9.8CRITICAL
 CVE-2023-34123
< 9.3.2
Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, SonicWall Analytics. This issue affects GMS: 9.3.2-SP1 and ear
7.5HIGH
 CVE-2021-20030
< 9.3.2
SonicWall GMS is vulnerable to file path manipulation resulting that an unauthenticated attacker can gain access to web directory
7.5HIGH
 CVE-2022-22280
< 9.3.1
Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacti
9.8CRITICAL
 CVE-2021-20020
all versions
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to r
9.8CRITICAL
 CVE-2013-1359
all versions
An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, a
9.8CRITICAL
 CVE-2013-1360
all versions
An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyz
9.8CRITICAL
 CVE-2019-7478
all versions
A vulnerability in GMS allow unauthenticated user to SQL injection in Webservice module. This vulnerability affected GMS versions
9.8CRITICAL
 CVE-2019-7476
<= 8.3
A vulnerability in SonicWall Global Management System (GMS), allow a remote user to gain access to the appliance using existing SS
8.1HIGH
 CVE-2018-9866
<= 8.1
A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS
9.8CRITICAL
 CVE-2018-3639
all versions
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all
5.5MEDIUM
 CVE-2018-5691
>= 7.0 and <= 7.2
SonicWall Global Management System (GMS) 8.1 has XSS via the newName and Name values of the /sgms/TreeControl module.
5.4MEDIUM
 CVE-2016-2397
all versions
The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote
9.8CRITICAL
 CVE-2016-2396
all versions
The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 a
9.9CRITICAL
 CVE-2015-3990
<= 7.2
The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticat
 CVE-2014-8420
all versions
The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2,
 CVE-2014-5024
<= 7.2
Cross-site scripting (XSS) vulnerability in sgms/panelManager in Dell SonicWALL GMS, Analyzer, and UMA before 7.2 SP1 allows remot
 CVE-2014-0332
all versions
Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL Analyzer before 7.1 SP2, and
 CVE-2013-7025
all versions
Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Gl
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin