Lucene search

MitreCVE-2013-7025

HistoryDec 09, 2013 - 4:36 p.m.

CVE-2013-7025

2013-12-0916:36:50

CWE-79

mitre

web.nvd.nist.gov

cve-2013-7025

cross-site scripting

xss

dell sonicwall

gms

security vulnerability

web script injection

html injection

nvd

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.006

Percentile

79.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp.

Affected configurations

Nvd

Node

sonicwallanalyzerMatch7.0

sonicwallanalyzerMatch7.1

sonicwallanalyzerMatch7.1sp1

sonicwallglobal_management_systemMatch7.0

sonicwallglobal_management_systemMatch7.1

sonicwallglobal_management_systemMatch7.1sp1

Node

sonicwalluma_e5000_firmwareMatch7.0

sonicwalluma_e5000_firmwareMatch7.1

sonicwalluma_e5000_firmwareMatch7.1sp1

AND

sonicwalluma_e5000Match-

VendorProductVersionCPE
sonicwallanalyzer7.0cpe:2.3:a:sonicwall:analyzer:7.0:*:*:*:*:*:*:*
sonicwallanalyzer7.1cpe:2.3:a:sonicwall:analyzer:7.1:*:*:*:*:*:*:*
sonicwallanalyzer7.1cpe:2.3:a:sonicwall:analyzer:7.1:sp1:*:*:*:*:*:*
sonicwallglobal_management_system7.0cpe:2.3:a:sonicwall:global_management_system:7.0:*:*:*:*:*:*:*
sonicwallglobal_management_system7.1cpe:2.3:a:sonicwall:global_management_system:7.1:*:*:*:*:*:*:*
sonicwallglobal_management_system7.1cpe:2.3:a:sonicwall:global_management_system:7.1:sp1:*:*:*:*:*:*
sonicwalluma_e5000_firmware7.0cpe:2.3:o:sonicwall:uma_e5000_firmware:7.0:*:*:*:*:*:*:*
sonicwalluma_e5000_firmware7.1cpe:2.3:o:sonicwall:uma_e5000_firmware:7.1:*:*:*:*:*:*:*
sonicwalluma_e5000_firmware7.1cpe:2.3:o:sonicwall:uma_e5000_firmware:7.1:sp1:*:*:*:*:*:*
sonicwalluma_e5000-cpe:2.3:h:sonicwall:uma_e5000:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sonicwall	analyzer	7.0	cpe:2.3:a:sonicwall:analyzer:7.0:::::::*
sonicwall	analyzer	7.1	cpe:2.3:a:sonicwall:analyzer:7.1:::::::*
sonicwall	analyzer	7.1	cpe:2.3:a:sonicwall:analyzer:7.1:sp1::::::
sonicwall	global_management_system	7.0	cpe:2.3:a:sonicwall:global_management_system:7.0:::::::*
sonicwall	global_management_system	7.1	cpe:2.3:a:sonicwall:global_management_system:7.1:::::::*
sonicwall	global_management_system	7.1	cpe:2.3:a:sonicwall:global_management_system:7.1:sp1::::::
sonicwall	uma_e5000_firmware	7.0	cpe:2.3:o:sonicwall:uma_e5000_firmware:7.0:::::::*
sonicwall	uma_e5000_firmware	7.1	cpe:2.3:o:sonicwall:uma_e5000_firmware:7.1:::::::*
sonicwall	uma_e5000_firmware	7.1	cpe:2.3:o:sonicwall:uma_e5000_firmware:7.1:sp1::::::
sonicwall	uma_e5000	-	cpe:2.3:h:sonicwall:uma_e5000:-:::::::*

References

archives.neohapsis.com/archives/bugtraq/2013-12/0022.html

osvdb.org/100610

seclists.org/fulldisclosure/2013/Dec/32

secunia.com/advisories/55923

www.exploit-db.com/exploits/30054

www.securityfocus.com/bid/64103

www.securitytracker.com/id/1029433

www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_Hotfix_134235.pdf

www.vulnerability-lab.com/get_content.php?id=1099

exchange.xforce.ibmcloud.com/vulnerabilities/89462

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.006

Percentile

79.0%

JSON

Related for CVE-2013-7025