Vulnerabilities > Sonicwall > Global Management System

DATE CVE VULNERABILITY TITLE RISK
2023-07-13 CVE-2023-34131 Unspecified vulnerability in Sonicwall Analytics and Global Management System
Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics enables an unauthenticated attacker to access restricted web pages.
network
low complexity
sonicwall
5.3
2023-07-13 CVE-2023-34132 Unspecified vulnerability in Sonicwall Analytics and Global Management System
Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks.
network
low complexity
sonicwall
critical
9.8
2023-07-13 CVE-2023-34133 SQL Injection vulnerability in Sonicwall Analytics and Global Management System
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database.
network
low complexity
sonicwall CWE-89
7.5
2023-07-13 CVE-2023-34134 Unspecified vulnerability in Sonicwall Analytics and Global Management System
Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics allows authenticated attacker to read administrator password hash via a web service call.
network
low complexity
sonicwall
6.5
2023-07-13 CVE-2023-34135 Path Traversal vulnerability in Sonicwall Analytics and Global Management System
Path Traversal vulnerability in SonicWall GMS and Analytics allows a remote authenticated attacker to read arbitrary files from the underlying file system via web service.
network
low complexity
sonicwall CWE-22
6.5
2023-07-13 CVE-2023-34136 Unrestricted Upload of File with Dangerous Type vulnerability in Sonicwall Analytics and Global Management System
Vulnerability in SonicWall GMS and Analytics allows unauthenticated attacker to upload files to a restricted location not controlled by the attacker.
network
low complexity
sonicwall CWE-434
critical
9.8
2023-07-13 CVE-2023-34137 Improper Authentication vulnerability in Sonicwall Analytics and Global Management System
SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability.
network
low complexity
sonicwall CWE-287
critical
9.8
2023-07-13 CVE-2023-34129 Path Traversal vulnerability in Sonicwall Analytics and Global Management System
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in SonicWall GMS and Analytics allows an authenticated remote attacker to traverse the directory and extract arbitrary files using Zip Slip method to any location on the underlying filesystem with root privileges.
network
low complexity
sonicwall CWE-22
8.8
2023-07-13 CVE-2023-34130 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Sonicwall Analytics and Global Management System
SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data.
network
low complexity
sonicwall CWE-327
critical
9.8
2023-07-13 CVE-2023-34124 Improper Authentication vulnerability in Sonicwall Analytics and Global Management System
The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass.
network
low complexity
sonicwall CWE-287
critical
9.8