CVE-2016-2397

CVSS 9.8 - CRITICAL
Description

The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data.

Affected Products
10
Vendor Product Version
sonicwall uma_em5000_firmware 7.2
sonicwall uma_em5000_firmware 8.0
sonicwall uma_em5000_firmware 8.1
sonicwall uma_em5000 -
sonicwall analyzer 7.2
sonicwall analyzer 8.0
sonicwall analyzer 8.1
sonicwall global_management_system 7.2
sonicwall global_management_system 8.0
sonicwall global_management_system 8.1
References
http://www.securitytracker.com/id/1035015
http://www.zerodayinitiative.com/advisories/ZDI-16...
https://support.software.dell.com/product-notifica...
http://www.securitytracker.com/id/1035015
http://www.zerodayinitiative.com/advisories/ZDI-16...
https://support.software.dell.com/product-notifica...
Weakness Types
CWE-77
CVE Information
CVE ID:
CVE-2016-2397
Published:
2016-02-17
Modified:
2026-05-06
CVSS Score:
9.8
Severity:
CRITICAL
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Vendors
sonicwall
Quick Actions
View on NVD Find Similar CVEs
CVSS Severity Scale
0.0 - 3.9 LOW
4.0 - 6.9 MEDIUM
7.0 - 8.9 HIGH
9.0 - 10.0 CRITICAL