mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
114 lines
3.3 KiB
JSON
114 lines
3.3 KiB
JSON
{
|
|
"id": "CVE-2023-34133",
|
|
"sourceIdentifier": "PSIRT@sonicwall.com",
|
|
"published": "2023-07-13T03:15:09.590",
|
|
"lastModified": "2023-09-08T23:15:10.000",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 7.5,
|
|
"baseSeverity": "HIGH"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 3.6
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-89"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "PSIRT@sonicwall.com",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-89"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sonicwall:analytics:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "2.5.0.4-r7",
|
|
"matchCriteriaId": "A5BFA6B7-2070-4FCA-B27C-5ED1047B1101"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sonicwall:global_management_system:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "9.3.2",
|
|
"matchCriteriaId": "02CDB54F-B795-42B3-A406-22D7E4A03ACB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sonicwall:global_management_system:9.3.2:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2E8493ED-1A01-4FAA-9608-4481DDD0D69B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sonicwall:global_management_system:9.3.2:sp1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "89A96771-621F-4D0D-B667-0A99F5F76789"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://packetstormsecurity.com/files/174571/Sonicwall-GMS-9.9.9320-Remote-Code-Execution.html",
|
|
"source": "PSIRT@sonicwall.com"
|
|
},
|
|
{
|
|
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010",
|
|
"source": "PSIRT@sonicwall.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.sonicwall.com/support/notices/230710150218060",
|
|
"source": "PSIRT@sonicwall.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |