A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.
References
Link | Resource |
---|---|
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001 | Mitigation Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
|
Information
Published : 2021-02-03 22:15
Updated : 2021-02-08 06:40
NVD link : CVE-2021-20016
Mitre link : CVE-2021-20016
JSON object : View
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Products Affected
sonicwall
- sma_200
- sma_410
- sma_400_firmware
- sma_410_firmware
- sma_100
- sma_210_firmware
- sma_200_firmware
- sma_400
- sma_210
- sma_500v
- sma_100_firmware