SonicWall

SonicWall Service Bulletin: GMS/Analyzer Vulnerabilities - November 2016

First Published:11/15/2016 Last Updated:12/20/2019

Vulnerabilities in the SonicWALL GMS and Analyzer have been resolved.

Affected Products

SonicWALL GMS and Analyzer

Affected Software Versions

Versions 8.0 and 8.1

Issue Summary

Vulnerabilities were found pertaining to input validation/filter bypass, SQL Injection, XSS, and Adobe Flex bypass.

To fix these vulnerabilities, SonicWall recommends that existing users of SonicWALL GMS and Analyzer upgrade to GMS/Analyzer 8.2.

GMS/Analyzer 8.2 is available for download from https://www.mysonicwall.com. Users should log into MySonicWALL and click on Downloads > Download Center in the navigation panel on the left, then select GMS/Analyzer – Virtual Appliance or GMS/Analyzer – Windows in the Software Type drop down menu. Please see the Release Note for this release for detailed installation procedures.

Reported by

Vulnerability Labs (VL-ID-1819, input validation/filter bypass)

Zero Day Initiative (ZDI-CAN-3748, SQL Injection)

Zero Science Lab (VR-2016-01-C0V, SQL Injection; VR-2016-01-C1D, XSS; VR-2016-01-C1F, Adobe Flex Bypass)

Tenable Network Security (Remote Privilege Escalation)

Additional Information

Please contact SonicWALL Support https://support.sonicwall.com/sonicwall-gms/software

Next Alert
SonicWall notice concerning OpenSSL defects including Man-in-the-Middle vulnerability (CVE-2014-0224)
Company
Popular resources

Stay In Touch

  • By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time from the Preference Center.
  • This field is for validation purposes and should be left unchanged.

© 2023 SonicWall. All Rights Reserved.