📦

global_management_system

Vendor: sonicwall

Login to add this product to WatchStack
Actively Exploited 0 CISA KEV List
PoC / Exploits 5 Code Available
Total RCEs 6 Remote Access
Total CVEs 43 Total Indexed
Avg. EPSS 20.62% Exploit Prob.
Latest CVE CVE-2023-34137 Jul 13

Security Vulnerability Index

Page 3 / 5
9.8 CVSS
CVE-2019-7478

A vulnerability in GMS allow unauthenticated user to SQL injection in Webservice module. This vulnerability affected GMS versions GMS 8.4, 8.5, 8.6, 8.7, 9.0 and 9.1.

EPSS: 0.48%
8.1 CVSS
CVE-2019-7476

A vulnerability in SonicWall Global Management System (GMS), allow a remote user to gain access to the appliance using existing SSH key. This vulnerability affects GMS versions 9.1, 9.0, 8.7, 8.6, 8.4, 8.3 and earlier.

EPSS: 0.45%
9.8 CVSS
CVE-2018-9866
RCE

A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier.

EPSS: 11.23%
5.5 CVSS
CVE-2018-3639
Exploit Found

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

EPSS: 46.73%
5.4 CVSS
CVE-2018-5691

SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module.

EPSS: 0.36%
9.8 CVSS
CVE-2016-2397
RCE

The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data.

EPSS: 5.04%
9.9 CVSS
CVE-2016-2396
RCE

The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input.

EPSS: 0.59%
9.0 CVSS
CVE-2015-3990
RCE

The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration.

EPSS: 0.58%
9.0 CVSS
CVE-2014-8420
RCE

The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors.

EPSS: 73.82%
4.3 CVSS
CVE-2014-5024

Cross-site scripting (XSS) vulnerability in sgms/panelManager in Dell SonicWALL GMS, Analyzer, and UMA before 7.2 SP1 allows remote attackers to inject arbitrary web script or HTML via the node_id parameter.

EPSS: 1.36%