CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29011 – SonicWALL GMS Virtual Appliance ECMClientAuthenticator Hard-Coded Credential Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-29011
Use of hard-coded password in the GMS ECM endpoint leading to authentication bypass vulnerability. This issue affects GMS: 9.3.4 and earlier versions. El uso de una contraseña codificada en el endpoint de GMS ECM genera una vulnerabilidad de omisión de autenticación. Este problema afecta a GMS: 9.3.4 y versiones anteriores. This vulnerability allows remote attackers to bypass authentication on affected installations of SonicWALL GMS Virtual Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ECMClientAuthenticator class. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0007 • CWE-259: Use of Hard-coded Password •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29010 – SonicWALL GMS Virtual Appliance ECMPolicy XML External Entity Processing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-29010
The XML document processed in the GMS ECM URL endpoint is vulnerable to XML external entity (XXE) injection, potentially resulting in the disclosure of sensitive information. This issue affects GMS: 9.3.4 and earlier versions. El documento XML procesado en el endpoint URL de GMS ECM es vulnerable a la inyección de entidad externa XML (XXE), lo que podría resultar en la divulgación de información confidencial. Este problema afecta a GMS: 9.3.4 y versiones anteriores. This vulnerability allows remote attackers to disclose sensitive information on affected installations of SonicWALL GMS Virtual Appliance. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ECMPolicyRequest class. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0007 • CWE-611: Improper Restriction of XML External Entity Reference •