Vulnerabilities > Sonicwall > Global Management System
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-31 | CVE-2019-7478 | SQL Injection vulnerability in Sonicwall Global Management System A vulnerability in GMS allow unauthenticated user to SQL injection in Webservice module. | 9.8 |
| 2019-04-26 | CVE-2019-7476 | Insecure Default Initialization of Resource vulnerability in Sonicwall Global Management System A vulnerability in SonicWall Global Management System (GMS), allow a remote user to gain access to the appliance using existing SSH key. | 8.1 |
| 2018-08-03 | CVE-2018-9866 | Improper Input Validation vulnerability in Sonicwall Global Management System A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code. | 9.8 |
| 2018-05-22 | CVE-2018-3639 | Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. | 5.5 |
| 2018-01-14 | CVE-2018-5691 | Cross-site Scripting vulnerability in Sonicwall Analyzer and Global Management System SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module. | 5.4 |
| 2016-02-17 | CVE-2016-2397 | Command Injection vulnerability in Sonicwall products The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data. | 9.8 |
| 2016-02-17 | CVE-2016-2396 | Command Injection vulnerability in Sonicwall products The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input. | 9.9 |