Operating System:

[WIN][Appliance]

Published:

31 July 2014

Protect yourself against future threats.

//Service

Incident Management

Whether it is proactive or reactive services you're after, we will help you detect, interpret and respond to attacks from across the globe.

Read more
Resources > Security Bulletins > ASB-2014.0091 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2014.0091
           A vulnerability has been identified in multiple Dell
                     SonicWALL GMS, Analyzer, and UMA
                               31 July 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Dell SonicWALL GMS
                      Dell SonicWALL Analyzer
                      Dell SonicWALL UMA
Operating System:     Windows
                      Network Appliance
Impact/Access:        Cross-site Scripting -- Remote with User Interaction
Resolution:           Patch/Upgrade
Member content until: Saturday, August 30 2014

OVERVIEW

        A vulnerability has been identified in Dell SonicWALL GMS, Analyzer,
        and UMA prior to version 7.2 and earlier. [1]


IMPACT

        The vendor has provided the following details regarding this 
        vulnerability:
        
        "A vulnerability in Dell SonicWALL GMS, Analyzer, and UMA has been 
        resolved." [1]


MITIGATION

        The vendor recommends applying relevant patches or upgrading to the
        latest version of all affected products.


REFERENCES

        [1] GMS/Analyzer/UMA Reflected XSS Vulnerability Resolution, July 2014
            https://support.software.dell.com/product-notification/128245

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBU9mqYBLndAQH1ShLAQJACg//R9E/pnTPkwqXvvKcok5zLYMmuE/kzek4
ZwFzV6iql/qxcTBLBUhWqy2uF1hosbAOmDansOhTumnOWsC28zqkpzLYu6T4j93t
1Ia5UBh7RvCCFbLRosnC7sXBChIDX8obPkVjEzfVUlHrdP7RCHUxgfrjwCyTfb9D
yA2n3gXfSQkoG4yhBBiawFsNgxyA+9hZt0vaGeion1b0qJ/kT5nIguuBqdkSEKf4
AsUa2xAz2N9Of/2YkxbNpZSaSexwBtptEf3iwNY+iLvYXqUA7ZypIhAz5RQFWrIG
nf7/3ZaGdSnzabYxguDFaly2JjOB7ejdglGKSMJM52oTRXFLpeAAyzk7E2tBWDrp
6J0QXJAnoqlrZSZRvYQnfEFNl1DUdgAyITFH91QDgviuo0Ukitzo6z3NsivxDdfm
qJ2zfOX17h1Yzm/f7JkczqAA8jYS+NcXP0k8+RhWrULOuyNqcQ9ahtDKCCPHIipr
dGugPaAoEaE79yRSBezmNzbu/n5Czgfram1uG6PYUouXMAPQodGuW0Mut+WxgNJT
bS7EUNdrA4fvOY2rQlFoMubGzh7wQqBmehhfNNe6m0gkkQhiOYe1AJ6g+iBxnoBy
c0ZEhTsb2fxfecCmuTG1Cv+FUrEFd2reEUgIPViBWqxRozKVOrjcx7ej5RN6lJPT
HnPf3YLxJCE=
=aurV
-----END PGP SIGNATURE-----