A Path Traversal vulnerability has been identified in the Email Security appliance allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences (such as ../) and may access files and directories outside the intended restricted path.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NSonicwall Email Security Appliance 5000
HWSonicwallwszystkie wersjeSonicwall Email Security Appliance 5000 Firmware
OSSonicwall≤ 10.0.33.8195Sonicwall Email Security Appliance 5050
HWSonicwallwszystkie wersjeSonicwall Email Security Appliance 5050 Firmware
OSSonicwall≤ 10.0.33.8195Sonicwall Email Security Appliance 7000
HWSonicwallwszystkie wersjeSonicwall Email Security Appliance 7000 Firmware
OSSonicwall≤ 10.0.33.8195Sonicwall Email Security Appliance 7050
HWSonicwallwszystkie wersjeSonicwall Email Security Appliance 7050 Firmware
OSSonicwall≤ 10.0.33.8195Sonicwall Email Security Appliance 9000
HWSonicwallwszystkie wersjeSonicwall Email Security Appliance 9000 Firmware
OSSonicwall≤ 10.0.33.8195
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
CWE
Related vulnerabilities
CVE-2021-20021CRITICAL9.8⚠ KEVten sam produkt
A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrativ...
CVE-2025-40604CRITICAL9.8PL ✓ten sam produkt
SonicWall Email Security – ładowanie obrazów bez weryfikacji podpisu (RCE)
CVE-2021-20022HIGH7.2⚠ KEVten sam produkt
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker t...
CVE-2021-20023MEDIUM4.9⚠ KEVten sam produkt
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker t...
CVE-2025-23006CRITICAL9.8⚠ KEVPL ✓ten sam vendor
SonicWall SMA1000 — pre-auth deserialization umożliwiający RCE