Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for email_security_appliance by sonicwall

    CVE-2019-7489 (GCVE-0-2019-7489)

    Vulnerability from nvd – Published: 2019-12-23 21:50 – Updated: 2024-08-04 20:54
    VLAI
    Summary
    A vulnerability in SonicWall Email Security appliance allow an unauthenticated user to perform remote code execution. This vulnerability affected Email Security Appliance version 10.0.2 and earlier.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    SonicWall Email Security Appliance Affected: 10.0.2 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:54:27.817Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0023"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Email Security Appliance",
              "vendor": "SonicWall",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0.2 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in SonicWall Email Security appliance allow an unauthenticated user to perform remote code execution. This vulnerability affected Email Security Appliance version 10.0.2 and earlier."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285: Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-23T21:50:12.000Z",
            "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
            "shortName": "sonicwall"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0023"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "PSIRT@sonicwall.com",
              "ID": "CVE-2019-7489",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Email Security Appliance",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0.2 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SonicWall"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in SonicWall Email Security appliance allow an unauthenticated user to perform remote code execution. This vulnerability affected Email Security Appliance version 10.0.2 and earlier."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285: Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0023",
                  "refsource": "CONFIRM",
                  "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0023"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "assignerShortName": "sonicwall",
        "cveId": "CVE-2019-7489",
        "datePublished": "2019-12-23T21:50:12.000Z",
        "dateReserved": "2019-02-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:54:27.817Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-7488 (GCVE-0-2019-7488)

    Vulnerability from nvd – Published: 2019-12-23 21:50 – Updated: 2024-08-04 20:54
    VLAI
    Summary
    Weak default password cause vulnerability in SonicWall Email Security appliance which leads to attacker gain access to appliance database. This vulnerability affected Email Security Appliance version 10.0.2 and earlier.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    SonicWall Email Security Appliance Affected: 10.0.2 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:54:27.831Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0014"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Email Security Appliance",
              "vendor": "SonicWall",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0.2 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Weak default password cause vulnerability in SonicWall Email Security appliance which leads to attacker gain access to appliance database. This vulnerability affected Email Security Appliance version 10.0.2 and earlier."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-255",
                  "description": "CWE-255: Credentials Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-23T21:50:12.000Z",
            "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
            "shortName": "sonicwall"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0014"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "PSIRT@sonicwall.com",
              "ID": "CVE-2019-7488",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Email Security Appliance",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0.2 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SonicWall"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Weak default password cause vulnerability in SonicWall Email Security appliance which leads to attacker gain access to appliance database. This vulnerability affected Email Security Appliance version 10.0.2 and earlier."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-255: Credentials Management"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0014",
                  "refsource": "CONFIRM",
                  "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0014"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "assignerShortName": "sonicwall",
        "cveId": "CVE-2019-7488",
        "datePublished": "2019-12-23T21:50:12.000Z",
        "dateReserved": "2019-02-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:54:27.831Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-2879 (GCVE-0-2014-2879)

    Vulnerability from nvd – Published: 2014-04-17 14:00 – Updated: 2024-08-06 10:28
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the uploadPatch parameter to the System/Advanced page (settings_advanced.html) or (2) the uploadLicenses parameter in the License management (settings_upload_dlicense.html) page.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-03-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:28:46.334Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1029965",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1029965"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.vulnerability-lab.com/get_content.php?id=1191"
              },
              {
                "name": "20140327 Dell SonicWall EMail Security Appliance Application v7.4.5 - Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/531642/100/0/threaded"
              },
              {
                "name": "66501",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/66501"
              },
              {
                "name": "20140328 Dell SonicWall EMail Security 7.4.5 - Multiple Vulnerabilities (Bulletin)",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2014/Mar/409"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.sonicwall.com/us/shared/download/Support-Bulletin_Email-Security_Scripting_Vulnerability__Resolved_in__ES746.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-03-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the uploadPatch parameter to the System/Advanced page (settings_advanced.html) or (2) the uploadLicenses parameter in the License management (settings_upload_dlicense.html) page."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1029965",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1029965"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.vulnerability-lab.com/get_content.php?id=1191"
            },
            {
              "name": "20140327 Dell SonicWall EMail Security Appliance Application v7.4.5 - Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/531642/100/0/threaded"
            },
            {
              "name": "66501",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/66501"
            },
            {
              "name": "20140328 Dell SonicWall EMail Security 7.4.5 - Multiple Vulnerabilities (Bulletin)",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2014/Mar/409"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.sonicwall.com/us/shared/download/Support-Bulletin_Email-Security_Scripting_Vulnerability__Resolved_in__ES746.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-2879",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the uploadPatch parameter to the System/Advanced page (settings_advanced.html) or (2) the uploadLicenses parameter in the License management (settings_upload_dlicense.html) page."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1029965",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1029965"
                },
                {
                  "name": "http://www.vulnerability-lab.com/get_content.php?id=1191",
                  "refsource": "MISC",
                  "url": "http://www.vulnerability-lab.com/get_content.php?id=1191"
                },
                {
                  "name": "20140327 Dell SonicWall EMail Security Appliance Application v7.4.5 - Multiple Vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/531642/100/0/threaded"
                },
                {
                  "name": "66501",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/66501"
                },
                {
                  "name": "20140328 Dell SonicWall EMail Security 7.4.5 - Multiple Vulnerabilities (Bulletin)",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2014/Mar/409"
                },
                {
                  "name": "http://www.sonicwall.com/us/shared/download/Support-Bulletin_Email-Security_Scripting_Vulnerability__Resolved_in__ES746.pdf",
                  "refsource": "CONFIRM",
                  "url": "http://www.sonicwall.com/us/shared/download/Support-Bulletin_Email-Security_Scripting_Vulnerability__Resolved_in__ES746.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-2879",
        "datePublished": "2014-04-17T14:00:00.000Z",
        "dateReserved": "2014-04-17T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:28:46.334Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-7489 (GCVE-0-2019-7489)

    Vulnerability from cvelistv5 – Published: 2019-12-23 21:50 – Updated: 2024-08-04 20:54
    VLAI
    Summary
    A vulnerability in SonicWall Email Security appliance allow an unauthenticated user to perform remote code execution. This vulnerability affected Email Security Appliance version 10.0.2 and earlier.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    SonicWall Email Security Appliance Affected: 10.0.2 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:54:27.817Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0023"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Email Security Appliance",
              "vendor": "SonicWall",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0.2 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in SonicWall Email Security appliance allow an unauthenticated user to perform remote code execution. This vulnerability affected Email Security Appliance version 10.0.2 and earlier."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285: Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-23T21:50:12.000Z",
            "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
            "shortName": "sonicwall"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0023"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "PSIRT@sonicwall.com",
              "ID": "CVE-2019-7489",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Email Security Appliance",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0.2 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SonicWall"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in SonicWall Email Security appliance allow an unauthenticated user to perform remote code execution. This vulnerability affected Email Security Appliance version 10.0.2 and earlier."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285: Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0023",
                  "refsource": "CONFIRM",
                  "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0023"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "assignerShortName": "sonicwall",
        "cveId": "CVE-2019-7489",
        "datePublished": "2019-12-23T21:50:12.000Z",
        "dateReserved": "2019-02-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:54:27.817Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-7488 (GCVE-0-2019-7488)

    Vulnerability from cvelistv5 – Published: 2019-12-23 21:50 – Updated: 2024-08-04 20:54
    VLAI
    Summary
    Weak default password cause vulnerability in SonicWall Email Security appliance which leads to attacker gain access to appliance database. This vulnerability affected Email Security Appliance version 10.0.2 and earlier.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    SonicWall Email Security Appliance Affected: 10.0.2 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:54:27.831Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0014"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Email Security Appliance",
              "vendor": "SonicWall",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0.2 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Weak default password cause vulnerability in SonicWall Email Security appliance which leads to attacker gain access to appliance database. This vulnerability affected Email Security Appliance version 10.0.2 and earlier."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-255",
                  "description": "CWE-255: Credentials Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-23T21:50:12.000Z",
            "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
            "shortName": "sonicwall"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0014"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "PSIRT@sonicwall.com",
              "ID": "CVE-2019-7488",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Email Security Appliance",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0.2 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SonicWall"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Weak default password cause vulnerability in SonicWall Email Security appliance which leads to attacker gain access to appliance database. This vulnerability affected Email Security Appliance version 10.0.2 and earlier."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-255: Credentials Management"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0014",
                  "refsource": "CONFIRM",
                  "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0014"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "assignerShortName": "sonicwall",
        "cveId": "CVE-2019-7488",
        "datePublished": "2019-12-23T21:50:12.000Z",
        "dateReserved": "2019-02-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:54:27.831Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-2879 (GCVE-0-2014-2879)

    Vulnerability from cvelistv5 – Published: 2014-04-17 14:00 – Updated: 2024-08-06 10:28
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the uploadPatch parameter to the System/Advanced page (settings_advanced.html) or (2) the uploadLicenses parameter in the License management (settings_upload_dlicense.html) page.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-03-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:28:46.334Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1029965",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1029965"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.vulnerability-lab.com/get_content.php?id=1191"
              },
              {
                "name": "20140327 Dell SonicWall EMail Security Appliance Application v7.4.5 - Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/531642/100/0/threaded"
              },
              {
                "name": "66501",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/66501"
              },
              {
                "name": "20140328 Dell SonicWall EMail Security 7.4.5 - Multiple Vulnerabilities (Bulletin)",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2014/Mar/409"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.sonicwall.com/us/shared/download/Support-Bulletin_Email-Security_Scripting_Vulnerability__Resolved_in__ES746.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-03-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the uploadPatch parameter to the System/Advanced page (settings_advanced.html) or (2) the uploadLicenses parameter in the License management (settings_upload_dlicense.html) page."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1029965",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1029965"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.vulnerability-lab.com/get_content.php?id=1191"
            },
            {
              "name": "20140327 Dell SonicWall EMail Security Appliance Application v7.4.5 - Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/531642/100/0/threaded"
            },
            {
              "name": "66501",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/66501"
            },
            {
              "name": "20140328 Dell SonicWall EMail Security 7.4.5 - Multiple Vulnerabilities (Bulletin)",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2014/Mar/409"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.sonicwall.com/us/shared/download/Support-Bulletin_Email-Security_Scripting_Vulnerability__Resolved_in__ES746.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-2879",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the uploadPatch parameter to the System/Advanced page (settings_advanced.html) or (2) the uploadLicenses parameter in the License management (settings_upload_dlicense.html) page."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1029965",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1029965"
                },
                {
                  "name": "http://www.vulnerability-lab.com/get_content.php?id=1191",
                  "refsource": "MISC",
                  "url": "http://www.vulnerability-lab.com/get_content.php?id=1191"
                },
                {
                  "name": "20140327 Dell SonicWall EMail Security Appliance Application v7.4.5 - Multiple Vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/531642/100/0/threaded"
                },
                {
                  "name": "66501",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/66501"
                },
                {
                  "name": "20140328 Dell SonicWall EMail Security 7.4.5 - Multiple Vulnerabilities (Bulletin)",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2014/Mar/409"
                },
                {
                  "name": "http://www.sonicwall.com/us/shared/download/Support-Bulletin_Email-Security_Scripting_Vulnerability__Resolved_in__ES746.pdf",
                  "refsource": "CONFIRM",
                  "url": "http://www.sonicwall.com/us/shared/download/Support-Bulletin_Email-Security_Scripting_Vulnerability__Resolved_in__ES746.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-2879",
        "datePublished": "2014-04-17T14:00:00.000Z",
        "dateReserved": "2014-04-17T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:28:46.334Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }