Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2879

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2014-2879
Last Modified 05 May 2014 01:34:29
Published 17 Apr 2014 10:55:12
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-2879

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the uploadPatch parameter to the System/Advanced page (settings_advanced.html) or (2) the uploadLicenses parameter in the License management (settings_upload_dlicense.html) page.

Vulnerable Systems

Application

  • Dell Sonicwall Email Security 7.5


References

MISC - http://www.vulnerability-lab.com/get_content.php?id=1191

CONFIRM - http://www.sonicwall.com/us/shared/download/Support-Bulletin_Email-Security_Scripting_Vulnerability__Resolved_in__ES746.pdf

SECTRACK - 1029965

FULLDISC - 20140328 Dell SonicWall EMail Security 7.4.5 - Multiple Vulnerabilities (Bulletin)

BID - 66501

BUGTRAQ - 20140327 Dell SonicWall EMail Security Appliance Application v7.4.5 - Multiple Vulnerabilities


Last Updated: 27 May 2016 11:05:00