cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-34137,https://securityvulnerability.io/vulnerability/CVE-2023-34137,Authentication Bypass in SonicWall GMS and Analytics CAS Web Services,"The SonicWall GMS and Analytics CAS Web Services applications contain an authentication bypass vulnerability due to the use of static values for authentication without proper validation. This flaw can allow unauthorized users to gain access to sensitive functionalities, compromising the security of the affected products. Users are urged to upgrade to the latest versions to mitigate this risk and enhance their system defenses.",Sonicwall,"Gms,Analytics",9.8,CRITICAL,0.0022100000642240047,false,,false,false,false,,,false,false,,2023-07-13T03:15:00.000Z,0
CVE-2023-34131,https://securityvulnerability.io/vulnerability/CVE-2023-34131,Sensitive Information Exposure in SonicWall GMS and Analytics,"An exposure of sensitive information vulnerability exists in SonicWall GMS and Analytics that allows an unauthenticated attacker to gain access to restricted web pages. This flaw affects specific versions of GMS and Analytics, potentially allowing unauthorized access to sensitive data which could compromise user confidentiality and system integrity.",Sonicwall,"Gms,Analytics",5.3,MEDIUM,0.0008299999753944576,false,,false,false,false,,,false,false,,2023-07-13T03:15:00.000Z,0
CVE-2023-34136,https://securityvulnerability.io/vulnerability/CVE-2023-34136,File Upload Vulnerability in SonicWall GMS and Analytics,"A vulnerability exists in SonicWall GMS and Analytics, enabling an unauthenticated attacker to upload files to directories not controlled by the attacker. This could lead to potential exploitation, as the attacker may gain unauthorized access to sensitive information or cause disruption within the affected systems. The issue impacts GMS versions 9.3.2-SP1 and earlier, as well as Analytics versions 2.5.0.4-R7 and earlier, necessitating immediate attention and patching to mitigate risks.",Sonicwall,"Gms,Analytics",9.8,CRITICAL,0.0022100000642240047,false,,false,false,false,,,false,false,,2023-07-13T03:15:00.000Z,0
CVE-2023-34133,https://securityvulnerability.io/vulnerability/CVE-2023-34133,SQL Injection Vulnerability in SonicWall GMS and Analytics,"An SQL Injection vulnerability in SonicWall GMS and Analytics allows unauthenticated attackers to access sensitive information from the application's database. This issue exposes critical data in GMS versions 9.3.2-SP1 and earlier, as well as Analytics versions 2.5.0.4-R7 and earlier, presenting a significant security risk for users without immediate remediation.",SonicWall,"GMS,Analytics",7.5,HIGH,0.0014299999456852674,false,,false,false,false,,,false,false,,2023-07-13T03:15:00.000Z,0
CVE-2023-34132,https://securityvulnerability.io/vulnerability/CVE-2023-34132,Authentication Vulnerability in SonicWall GMS and Analytics Products,"An authentication vulnerability exists in SonicWall GMS and Analytics, where the use of password hashes instead of plain passwords for authentication exposes the system to Pass-the-Hash attacks. This flaw can be exploited by attackers to gain unauthorized access to accounts and sensitive data, compromising the integrity of the affected systems. Businesses using GMS versions prior to 9.3.2-SP1 and Analytics versions prior to 2.5.0.4-R7 are particularly at risk and should take immediate action to remediate this vulnerability.",Sonicwall,"Gms,Analytics",9.8,CRITICAL,0.001930000027641654,false,,false,false,false,,,false,false,,2023-07-13T03:15:00.000Z,0
CVE-2023-34135,https://securityvulnerability.io/vulnerability/CVE-2023-34135,Path Traversal Vulnerability in SonicWall GMS and Analytics,A Path Traversal vulnerability in SonicWall's GMS and Analytics products enables remote authenticated attackers to access arbitrary files on the server's file system through the web service interface. This flaw poses a significant risk as it allows unauthorized users to potentially exploit sensitive data. Affected users are strongly advised to upgrade to the latest software versions to mitigate the risks associated with this security issue.,Sonicwall,"Gms,Analytics",6.5,MEDIUM,0.001230000052601099,false,,false,false,false,,,false,false,,2023-07-13T03:15:00.000Z,0
CVE-2023-34134,https://securityvulnerability.io/vulnerability/CVE-2023-34134,Sensitive Information Exposure in SonicWall GMS and Analytics,"A vulnerability in SonicWall GMS and Analytics permits an authenticated attacker to access sensitive information, specifically the administrator password hash, through a web service call. This flaw compromises user credentials, potentially leading to unauthorized access within affected versions of GMS and Analytics.",Sonicwall,"Gms,Analytics",6.5,MEDIUM,0.0006399999838322401,false,,false,false,false,,,false,false,,2023-07-13T03:15:00.000Z,0
CVE-2023-34129,https://securityvulnerability.io/vulnerability/CVE-2023-34129,Path Traversal Vulnerability in SonicWall GMS and Analytics,"A vulnerability exists in SonicWall GMS and Analytics due to insufficient restrictions on pathname access, enabling an authenticated remote attacker to exploit this weakness using a 'Zip Slip' technique. This flaw enables the extraction of arbitrary files to any location on the underlying filesystem, potentially granting root privileges. The issue impacts specific versions of both GMS and Analytics, highlighting the critical need for users to review and mitigate this risk.",Sonicwall,"Gms,Analytics",8.8,HIGH,0.005009999964386225,false,,false,false,false,,,false,false,,2023-07-13T02:15:00.000Z,0
CVE-2023-34130,https://securityvulnerability.io/vulnerability/CVE-2023-34130,Outdated Encryption in SonicWall GMS and Analytics Exposes Sensitive Data,"SonicWall GMS and Analytics are impacted by a vulnerability stemming from the use of the outdated Tiny Encryption Algorithm (TEA) with a hardcoded key. This flaw puts sensitive data at risk, as the encryption method employed is inadequate and allows for potential exposure by malicious actors. Users of GMS versions 9.3.2-SP1 and earlier, along with Analytics versions 2.5.0.4-R7 and prior, should take immediate action to mitigate this security risk.",Sonicwall,"Gms,Analytics",9.8,CRITICAL,0.001500000013038516,false,,false,false,false,,,false,false,,2023-07-13T02:15:00.000Z,0
CVE-2023-34125,https://securityvulnerability.io/vulnerability/CVE-2023-34125,Path Traversal Vulnerability in SonicWall GMS and Analytics,"A path traversal vulnerability has been identified in SonicWall's GMS and Analytics products, allowing an authenticated attacker to exploit this flaw. By leveraging the vulnerability, attackers can gain unauthorized access to read arbitrary files from the system's underlying filesystem, potentially with root privileges. This includes sensitive information that could compromise the integrity and security of the affected environments, making prompt remediation imperative.",Sonicwall,"Gms,Analytics",6.5,MEDIUM,0.0009299999801442027,false,,false,false,false,,,false,false,,2023-07-13T01:15:00.000Z,0
CVE-2023-34126,https://securityvulnerability.io/vulnerability/CVE-2023-34126,File Upload Vulnerability in SonicWall GMS and Analytics Products,"A vulnerability in SonicWall's GMS and Analytics products enables an authenticated attacker to upload arbitrary files to the underlying filesystem with root privileges. This creates significant security risks, as the attacker could leverage these permissions to conduct further malicious activities. The affected versions of GMS include 9.3.2-SP1 and earlier, while the impacted Analytics versions are 2.5.0.4-R7 and earlier. Organizations using these platforms should apply the necessary updates and mitigations to safeguard their systems.",Sonicwall,"Gms,Analytics",8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2023-07-13T01:15:00.000Z,0
CVE-2023-34127,https://securityvulnerability.io/vulnerability/CVE-2023-34127,OS Command Injection Vulnerability in SonicWall GMS and Analytics,"An OS Command Injection vulnerability exists in SonicWall GMS and SonicWall Analytics, allowing an authenticated attacker to exploit the flaw and execute arbitrary commands with root privileges. This could lead to significant security risks, including unauthorized access to sensitive system functions and data manipulation. It is crucial for users of affected versions to apply the necessary security updates to mitigate the risks associated with this vulnerability.",SonicWall,"GMS,Analytics",8.8,HIGH,0.0022100000642240047,false,,false,false,false,,,false,false,,2023-07-13T01:15:00.000Z,0
CVE-2023-34124,https://securityvulnerability.io/vulnerability/CVE-2023-34124,Authentication Bypass in SonicWall GMS and Analytics Web Services,"An authentication mechanism flaw in SonicWall's GMS and Analytics Web Services allows threat actors to bypass authentication checks. This vulnerability affects GMS versions 9.3.2-SP1 and earlier, as well as Analytics versions 2.5.0.4-R7 and earlier. Due to inadequate security measures in the authentication process, unauthorized users could gain access to sensitive areas of the software, potentially leading to unauthorized actions within the impacted products. Organizations using these versions should prioritize applying the necessary patches to ensure their systems remain secure.",Sonicwall,"Gms,Analytics",9.8,CRITICAL,0.07757999747991562,false,,false,false,false,,,false,false,,2023-07-13T01:15:00.000Z,0
CVE-2023-34128,https://securityvulnerability.io/vulnerability/CVE-2023-34128,Credential Exposure in SonicWall GMS and Analytics Products,"SonicWall's GMS and Analytics products contain hardcoded application credentials within their configuration files, posing a risk of unauthorized access to sensitive information and control over the applications. This vulnerability affects GMS versions prior to 9.3.2-SP1 and Analytics prior to 2.5.0.4-R7, making it crucial for users to upgrade to the latest versions to mitigate potential security breaches.",Sonicwall,"Gms,Analytics",9.8,CRITICAL,0.0022100000642240047,false,,false,false,false,,,false,false,,2023-07-13T01:15:00.000Z,0
CVE-2023-34123,https://securityvulnerability.io/vulnerability/CVE-2023-34123,Use of Hard-coded Cryptographic Key Vulnerability in SonicWall GMS and Analytics,"This vulnerability in SonicWall's GMS and Analytics products arises from the use of hard-coded cryptographic keys, which can be exploited by attackers to gain unauthorized access to sensitive data. Specifically, the vulnerability affects GMS versions 9.3.2-SP1 and earlier, as well as Analytics versions 2.5.0.4-R7 and prior. Without proper remediation, this issue poses significant risks to the confidentiality and integrity of user data, necessitating prompt attention from system administrators.",Sonicwall,"Gms,Analytics",7.5,HIGH,0.0007900000200606883,false,,false,false,false,,,false,false,,2023-07-13T00:15:00.000Z,0
CVE-2021-20030,https://securityvulnerability.io/vulnerability/CVE-2021-20030,File Path Manipulation Vulnerability in SonicWall GMS,"SonicWall GMS possesses a vulnerability that allows an unauthenticated attacker to manipulate file paths, potentially granting unauthorized access to sensitive web directories. This access may lead to exposure of application's binaries and configuration files, significantly compromising the security of the system. Organizations using SonicWall GMS should be aware of this vulnerability and implement appropriate security measures to mitigate the associated risks.",Sonicwall,Sonicwall Gms,7.5,HIGH,0.0015300000086426735,false,,false,false,false,,,false,false,,2022-10-13T00:00:00.000Z,0
CVE-2022-22280,https://securityvulnerability.io/vulnerability/CVE-2022-22280,Unauthenticated SQL Injection Vulnerability in SonicWall GMS and Analytics,"This vulnerability allows for improper neutralization of special elements used in an SQL command. It exposes SonicWall GMS and Analytics products to potential unauthorized access, enabling attackers to execute arbitrary SQL queries without authentication. This issue affects SonicWall GMS version 9.3.1-SP2-Hotfix1 and Analytics On-Prem version 2.5.0.3-2520, as well as earlier versions, creating a significant risk for affected users.",Sonicwall,"Sonicwall Gms,Sonicwall Analytics On-prem",9.8,CRITICAL,0.0014199999859556556,false,,false,false,false,,,false,false,,2022-07-29T21:05:12.000Z,0
CVE-2021-20020,https://securityvulnerability.io/vulnerability/CVE-2021-20020,,A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.,Sonicwall,Global Management System (gms),9.8,CRITICAL,0.005080000031739473,false,,false,false,false,,,false,false,,2021-04-10T06:50:12.000Z,0
CVE-2019-7478,https://securityvulnerability.io/vulnerability/CVE-2019-7478,,"A vulnerability in GMS allow unauthenticated user to SQL injection in Webservice module. This vulnerability affected GMS versions GMS 8.4, 8.5, 8.6, 8.7, 9.0 and 9.1.",Sonicwall,Gms,9.8,CRITICAL,0.0013800000306218863,false,,false,false,false,,,false,false,,2019-12-31T00:15:00.000Z,0
CVE-2019-7476,https://securityvulnerability.io/vulnerability/CVE-2019-7476,,"A vulnerability in SonicWall Global Management System (GMS), allow a remote user to gain access to the appliance using existing SSH key. This vulnerability affects GMS versions 9.1, 9.0, 8.7, 8.6, 8.4, 8.3 and earlier.",Sonicwall,Global Management System (gms),8.1,HIGH,0.005520000122487545,false,,false,false,false,,,false,false,,2019-04-26T20:25:46.000Z,0
CVE-2018-9866,https://securityvulnerability.io/vulnerability/CVE-2018-9866,,"A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier.",Sonicwall,Global Management System (gms),9.8,CRITICAL,0.12793000042438507,false,,false,false,false,,,false,false,,2018-08-03T20:00:00.000Z,0