PT-2024-22669 · Sonicwall · Gms

Published: 2024-04-30 · Updated: 2024-05-07 · CVE-2024-29010

CVSS v3.1: 7.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions: GMS versions 9.3.4 and earlier

Description: The XML document processed in the GMS ECM URL endpoint is vulnerable to XML external entity (XXE) injection, potentially resulting in the disclosure of sensitive information. This issue could allow remote attackers to disclose sensitive information on affected installations of SonicWALL GMS Virtual Appliance, although authentication is required to exploit this vulnerability.

Recommendations: For GMS versions 9.3.4 and earlier, consider disabling the XML external entity processing in the GMS ECM URL endpoint as a temporary workaround until a patch is available. Restrict access to the GMS ECM URL endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XXE

Weakness Enumeration

Related Identifiers

CVE-2024-29010
ZDI-24-420

Affected Products

Gms