Vulnerabilities > Sonicwall > Analytics > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-07-13 CVE-2023-34137 Improper Authentication vulnerability in Sonicwall Analytics and Global Management System
SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability.
network
low complexity
sonicwall CWE-287
critical
 9.8
9.8
2023-07-13 CVE-2023-34136 Unrestricted Upload of File with Dangerous Type vulnerability in Sonicwall Analytics and Global Management System
Vulnerability in SonicWall GMS and Analytics allows unauthenticated attacker to upload files to a restricted location not controlled by the attacker.
network
low complexity
sonicwall CWE-434
critical
 9.8
9.8
2023-07-13 CVE-2023-34132 Unspecified vulnerability in Sonicwall Analytics and Global Management System
Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks.
network
low complexity
sonicwall
critical
 9.8
9.8
2023-07-13 CVE-2023-34130 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Sonicwall Analytics and Global Management System
SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data.
network
low complexity
sonicwall CWE-327
critical
 9.8
9.8
2023-07-13 CVE-2023-34128 Insufficiently Protected Credentials vulnerability in Sonicwall Analytics and Global Management System
Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file.
network
low complexity
sonicwall CWE-522
critical
 9.8
9.8
2023-07-13 CVE-2023-34124 Improper Authentication vulnerability in Sonicwall Analytics and Global Management System
The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass.
network
low complexity
sonicwall CWE-287
critical
 9.8
9.8
2022-07-29 CVE-2022-22280 SQL Injection vulnerability in Sonicwall Analytics and Global Management System
Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions.
network
low complexity
sonicwall CWE-89
critical
 9.8
9.8
2021-08-10 CVE-2021-20032 Unspecified vulnerability in Sonicwall Analytics 2.5.0.3/2.5.2518
SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire Protocol (JDWP) interface security misconfiguration vulnerability which potentially leads to Remote Code Execution.
network
low complexity
sonicwall
critical
 9.8
9.8