SonicWall Support Alert - SonicWall GMS Service Bulletin for Cross-Site Scripting Vulnerability 7.x
Dell SonicWALL GMS Service Bulletin for Cross-Site Scripting Vulnerability
A vulnerability was reported in Dell SonicWALL GMS/Analyzer/UMA in October 2013.
This is a service bulletin for 125782, a mandatory HotFix that resolves the vulnerability in SonicWALL GMS, Analyzer, and on the Universal Management Appliance EM5000 (UMA EM5000). This HotFix must be applied to your version 5.1.x, 6.0.x, and 7.0.x GMS, Analyzer, and UMA deployments after applying HotFixes 125076.77 and 125323. These Hotfixes can be downloaded from www.mysonicwall.com.
Dell SonicWALL Appliances
Affected Software Versions
Cross-site scripting vulnerability.
We recommend existing users of Dell SonicWALL GMS/Analyzer/UMA 7.1 to apply SP1 (if they have not already done so), and then apply Hotfix 134235 to prevent cross-site scripting by unauthorized users. 7.1 SP1 and the Hotfix are available for download from www.mysonicwall.com. Users should log into mySonicWALL and click on Downloads > Download Center in the navigation panel on the left, then select �GMS/Analyzer� in the Software Type drop down menu.
Benjamin Kunz Mejri, Vulnerability Research Laboratory
Please contact Dell Software Support