Search criteria
9 vulnerabilities found for uma_em5000_firmware by sonicwall
FKIE_CVE-2016-2397
Vulnerability from fkie_nvd - Published: 2016-02-17 15:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://www.securitytracker.com/id/1035015 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.zerodayinitiative.com/advisories/ZDI-16-163 | Third Party Advisory | |
| cve@mitre.org | https://support.software.dell.com/product-notification/185943 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1035015 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.zerodayinitiative.com/advisories/ZDI-16-163 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.software.dell.com/product-notification/185943 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sonicwall | uma_em5000_firmware | 7.2 | |
| sonicwall | uma_em5000_firmware | 8.0 | |
| sonicwall | uma_em5000_firmware | 8.1 | |
| sonicwall | uma_em5000 | - | |
| sonicwall | analyzer | 7.2 | |
| sonicwall | analyzer | 8.0 | |
| sonicwall | analyzer | 8.1 | |
| sonicwall | global_management_system | 7.2 | |
| sonicwall | global_management_system | 8.0 | |
| sonicwall | global_management_system | 8.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:uma_em5000_firmware:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "94D32881-3205-40C9-9099-D517DDD0E85F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sonicwall:uma_em5000_firmware:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4AC08F8A-B838-4878-A599-8FBD69EAF28E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sonicwall:uma_em5000_firmware:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "34AECE24-76B8-4EEB-9018-F3C35FEE6A00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:uma_em5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23315AEF-29C1-4A58-A933-2A4305123D7F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonicwall:analyzer:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05DC3043-D6B1-4863-AE06-FAC32F94091B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:analyzer:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "59AE4366-0EF5-4DD9-B533-1101AB06FC0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:analyzer:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B30D6D7E-63DA-49F9-A904-FAC2C40B4B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C91AE401-839F-4B95-AC84-12D003B0CF59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E119AFF9-BAB9-42BA-AF89-A0C59DC4D4F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36989FC7-3390-455E-8F7E-E3C4EB29D812",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data."
},
{
"lang": "es",
"value": "La implementaci\u00f3n de cliserver en Dell SonicWALL GMS, Analyzer y UMA EM5000 7.2, 8.0 y 8.1 en versiones anteriores a Hotfix 168056 permite a atacantes remotos deserializar y ejecutar c\u00f3digo Java arbitrario a trav\u00e9s de datos XML manipulados."
}
],
"id": "CVE-2016-2397",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-17T15:59:07.690",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1035015"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-163"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.software.dell.com/product-notification/185943"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1035015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-163"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.software.dell.com/product-notification/185943"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-2396
Vulnerability from fkie_nvd - Published: 2016-02-17 15:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sonicwall | analyzer | 7.2 | |
| sonicwall | analyzer | 8.0 | |
| sonicwall | analyzer | 8.1 | |
| sonicwall | global_management_system | 7.2 | |
| sonicwall | global_management_system | 8.0 | |
| sonicwall | global_management_system | 8.1 | |
| sonicwall | uma_em5000_firmware | 7.2 | |
| sonicwall | uma_em5000_firmware | 8.0 | |
| sonicwall | uma_em5000_firmware | 8.1 | |
| sonicwall | uma_em5000 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonicwall:analyzer:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05DC3043-D6B1-4863-AE06-FAC32F94091B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:analyzer:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "59AE4366-0EF5-4DD9-B533-1101AB06FC0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:analyzer:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B30D6D7E-63DA-49F9-A904-FAC2C40B4B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C91AE401-839F-4B95-AC84-12D003B0CF59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E119AFF9-BAB9-42BA-AF89-A0C59DC4D4F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36989FC7-3390-455E-8F7E-E3C4EB29D812",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:uma_em5000_firmware:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "94D32881-3205-40C9-9099-D517DDD0E85F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sonicwall:uma_em5000_firmware:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4AC08F8A-B838-4878-A599-8FBD69EAF28E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sonicwall:uma_em5000_firmware:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "34AECE24-76B8-4EEB-9018-F3C35FEE6A00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:uma_em5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23315AEF-29C1-4A58-A933-2A4305123D7F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n web GMS ViewPoint (GMSVP) en Dell SonicWALL GMS, Analyzer y UMA EM5000 7.2, 8.0 y 8.1 en versiones anteriores a Hotfix 168056 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a trav\u00e9s de vectores relacionados con la entrada de configuraci\u00f3n."
}
],
"id": "CVE-2016-2396",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-17T15:59:06.737",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"url": "http://www.securitytracker.com/id/1035015"
},
{
"source": "zdi-disclosures@trendmicro.com",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-164"
},
{
"source": "zdi-disclosures@trendmicro.com",
"url": "https://support.software.dell.com/product-notification/185943"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-164"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.software.dell.com/product-notification/185943"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-3990
Vulnerability from fkie_nvd - Published: 2015-05-20 18:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sonicwall | uma_em5000_firmware | * | |
| sonicwall | uma_em5000 | - | |
| sonicwall | analyzer | * | |
| sonicwall | global_management_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:uma_em5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A51CB7D8-08D9-4716-8D39-F33596DCFD18",
"versionEndIncluding": "7.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:uma_em5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23315AEF-29C1-4A58-A933-2A4305123D7F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonicwall:analyzer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB379556-F957-439C-8644-DFD96C9BBE8D",
"versionEndIncluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8DADDE6-6E5A-4C12-8B37-C9A173B05481",
"versionEndIncluding": "7.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n web GMS ViewPoint (GMSVP) en Dell Sonicwall GMS, Analyzer, y UMA EM5000 anterior a 7.2 SP4 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a trav\u00e9s de vectores relacionados con la configuraci\u00f3n."
}
],
"id": "CVE-2015-3990",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-05-20T18:59:05.793",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"url": "http://www.securityfocus.com/bid/74756"
},
{
"source": "zdi-disclosures@trendmicro.com",
"url": "http://www.securitytracker.com/id/1032373"
},
{
"source": "zdi-disclosures@trendmicro.com",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-231/"
},
{
"source": "zdi-disclosures@trendmicro.com",
"url": "https://support.software.dell.com/product-notification/152178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/74756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-231/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.software.dell.com/product-notification/152178"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-19"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2016-2396 (GCVE-0-2016-2396)
Vulnerability from cvelistv5 – Published: 2016-02-17 15:00 – Updated: 2024-08-05 23:24
VLAI?
Summary
The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input.
Severity ?
No CVSS data available.
CWE
- Other
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:49.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1035015",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035015"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-164"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.software.dell.com/product-notification/185943"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-20T20:52:16",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "1035015",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035015"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-164"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.software.dell.com/product-notification/185943"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2016-2396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035015",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035015"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-164",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-164"
},
{
"name": "https://support.software.dell.com/product-notification/185943",
"refsource": "CONFIRM",
"url": "https://support.software.dell.com/product-notification/185943"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2016-2396",
"datePublished": "2016-02-17T15:00:00",
"dateReserved": "2016-02-17T00:00:00",
"dateUpdated": "2024-08-05T23:24:49.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2397 (GCVE-0-2016-2397)
Vulnerability from cvelistv5 – Published: 2016-02-17 15:00 – Updated: 2024-08-05 23:24
VLAI?
Summary
The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:49.292Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-163"
},
{
"name": "1035015",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035015"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.software.dell.com/product-notification/185943"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-04-19T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-163"
},
{
"name": "1035015",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035015"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.software.dell.com/product-notification/185943"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2397",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-163",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-163"
},
{
"name": "1035015",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035015"
},
{
"name": "https://support.software.dell.com/product-notification/185943",
"refsource": "CONFIRM",
"url": "https://support.software.dell.com/product-notification/185943"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2397",
"datePublished": "2016-02-17T15:00:00",
"dateReserved": "2016-02-17T00:00:00",
"dateUpdated": "2024-08-05T23:24:49.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3990 (GCVE-0-2015-3990)
Vulnerability from cvelistv5 – Published: 2015-05-20 18:00 – Updated: 2024-08-06 06:04
VLAI?
Summary
The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration.
Severity ?
No CVSS data available.
CWE
- Other
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:04:02.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032373",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032373"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.software.dell.com/product-notification/152178"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-231/"
},
{
"name": "74756",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74756"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-20T20:52:17",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "1032373",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032373"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.software.dell.com/product-notification/152178"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-231/"
},
{
"name": "74756",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74756"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2015-3990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032373",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032373"
},
{
"name": "https://support.software.dell.com/product-notification/152178",
"refsource": "CONFIRM",
"url": "https://support.software.dell.com/product-notification/152178"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-231/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-231/"
},
{
"name": "74756",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74756"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2015-3990",
"datePublished": "2015-05-20T18:00:00",
"dateReserved": "2015-05-15T00:00:00",
"dateUpdated": "2024-08-06T06:04:02.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2396 (GCVE-0-2016-2396)
Vulnerability from nvd – Published: 2016-02-17 15:00 – Updated: 2024-08-05 23:24
VLAI?
Summary
The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input.
Severity ?
No CVSS data available.
CWE
- Other
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:49.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1035015",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035015"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-164"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.software.dell.com/product-notification/185943"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-20T20:52:16",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "1035015",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035015"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-164"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.software.dell.com/product-notification/185943"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2016-2396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035015",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035015"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-164",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-164"
},
{
"name": "https://support.software.dell.com/product-notification/185943",
"refsource": "CONFIRM",
"url": "https://support.software.dell.com/product-notification/185943"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2016-2396",
"datePublished": "2016-02-17T15:00:00",
"dateReserved": "2016-02-17T00:00:00",
"dateUpdated": "2024-08-05T23:24:49.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2397 (GCVE-0-2016-2397)
Vulnerability from nvd – Published: 2016-02-17 15:00 – Updated: 2024-08-05 23:24
VLAI?
Summary
The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:49.292Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-163"
},
{
"name": "1035015",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035015"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.software.dell.com/product-notification/185943"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-04-19T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-163"
},
{
"name": "1035015",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035015"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.software.dell.com/product-notification/185943"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2397",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-163",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-163"
},
{
"name": "1035015",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035015"
},
{
"name": "https://support.software.dell.com/product-notification/185943",
"refsource": "CONFIRM",
"url": "https://support.software.dell.com/product-notification/185943"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2397",
"datePublished": "2016-02-17T15:00:00",
"dateReserved": "2016-02-17T00:00:00",
"dateUpdated": "2024-08-05T23:24:49.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3990 (GCVE-0-2015-3990)
Vulnerability from nvd – Published: 2015-05-20 18:00 – Updated: 2024-08-06 06:04
VLAI?
Summary
The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration.
Severity ?
No CVSS data available.
CWE
- Other
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:04:02.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032373",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032373"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.software.dell.com/product-notification/152178"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-231/"
},
{
"name": "74756",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74756"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-20T20:52:17",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "1032373",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032373"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.software.dell.com/product-notification/152178"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-231/"
},
{
"name": "74756",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74756"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2015-3990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032373",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032373"
},
{
"name": "https://support.software.dell.com/product-notification/152178",
"refsource": "CONFIRM",
"url": "https://support.software.dell.com/product-notification/152178"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-231/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-231/"
},
{
"name": "74756",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74756"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2015-3990",
"datePublished": "2015-05-20T18:00:00",
"dateReserved": "2015-05-15T00:00:00",
"dateUpdated": "2024-08-06T06:04:02.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}