CVE-2024-29010

Published: May 1, 2024Modified: Nov 21, 2024

7.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Exploitability: 2.8 / Impact: 4.2

Source: PSIRT@sonicwall.com (Secondary)

Description

The XML document processed in the GMS ECM URL endpoint is vulnerable to XML external entity (XXE) injection, potentially resulting in the disclosure of sensitive information. This issue affects GMS: 9.3.4 and earlier versions.

Related CWEs

CWE-611

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (2)

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0007

Source: PSIRT@sonicwall.com

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0007

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.