← back
CVE-2024-29010

CVE-2024-29010

CVSS 7.1 HIGHEPSS 0.6%CWE-611
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.1EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
01 May 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The XML document processed in the GMS ECM URL endpoint is vulnerable to XML external entity (XXE) injection, potentially resulting in the disclosure of sensitive information. This issue affects GMS: 9.3.4 and earlier versions.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Affected products
SonicWall · GMS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0007