
CVE-2024-29011 – SonicWALL GMS Virtual Appliance ECMClientAuthenticator Hard-Coded Credential Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-29011
01 May 2024 — Use of a hard-coded password in the GMS ECM endpoint leads to an authentication bypass vulnerability. This issue affects GMS: 9.3.4 and earlier versions. This vulnerability allows remote attackers to bypass authentication on affected installations of SonicWALL GMS Virtual Appliance. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0007 • CWE-259: Use of Hard-coded Password

CVE-2024-29010 – SonicWALL GMS Virtual Appliance ECMPolicy XML External Entity Processing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-29010
01 May 2024 — The XML document processed in the GMS ECM URL endpoint is vulnerable to XML external entity (XXE) injection, potentially resulting in the disclosure of sensitive information. This issue affects GMS: 9.3.4 and earlier versions. This vulnerability allows remote attacker... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0007 • CWE-611: Improper Restriction of XML External Entity Reference