SQL Injection Vulnerability in SonicWall GMS and Analytics
CVE-2023-34133

7.5HIGH

Key Information:

Vendor
SonicWall
Status
GMS
Analytics
Vendor
CVE Published:
13 July 2023

Summary

An SQL Injection vulnerability in SonicWall GMS and Analytics allows unauthenticated attackers to access sensitive information from the application's database. This issue exposes critical data in GMS versions 9.3.2-SP1 and earlier, as well as Analytics versions 2.5.0.4-R7 and earlier, presenting a significant security risk for users without immediate remediation.

Affected Version(s)

Analytics 2.5.0.4-R7 and earlier versions

GMS 9.3.2-SP1 and earlier versions

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-202...
vendor-advisory
https://www.sonicwall.com/support/notices/230710150218060
related
http://packetstormsecurity.com/files/174571/Sonicwall-GMS...

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.