Lucene search

[email protected]CVE-2014-5024

HistoryJul 24, 2014 - 2:55 p.m.

CVE-2014-5024

2014-07-2414:55:09

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-5024

cross-site scripting

xss

dell sonicwall

gms

analyzer

uma

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.5%

JSON

Cross-site scripting (XSS) vulnerability in sgms/panelManager in Dell SonicWALL GMS, Analyzer, and UMA before 7.2 SP1 allows remote attackers to inject arbitrary web script or HTML via the node_id parameter.

Affected configurations

NVD

Node

sonicwallanalyzerRange≤7.2

sonicwallglobal_management_systemRange≤7.2

sonicwalluma_em5000Match-

CPENameOperatorVersion
sonicwall:analyzersonicwall analyzerle7.2
sonicwall:global_management_systemsonicwall global management systemle7.2
sonicwall:uma_em5000sonicwall uma em5000eq-

CPE	Name	Operator	Version
sonicwall:analyzer	sonicwall analyzer	le	7.2
sonicwall:global_management_system	sonicwall global management system	le	7.2
sonicwall:uma_em5000	sonicwall uma em5000	eq	-

References

packetstormsecurity.com/files/127575/SonicWALL-GMS-7.2-Build-7221.1701-Cross-Site-Scripting.html

seclists.org/fulldisclosure/2014/Jul/125

secunia.com/advisories/60287

www.securityfocus.com/bid/68829

support.software.dell.com/product-notification/128245

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.5%

JSON

Related for CVE-2014-5024

prion1 cvelist1 nvd1