Critical severity9.8NVD Advisory· Published Feb 17, 2016· Updated May 6, 2026

CVE-2016-2397

Description

The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data.

Affected products

SonicWall/Analyzer3 versions
cpe:2.3:a:sonicwall:analyzer:7.2:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:sonicwall:analyzer:7.2:*:*:*:*:*:*:*
- cpe:2.3:a:sonicwall:analyzer:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:sonicwall:analyzer:8.1:*:*:*:*:*:*:*
SonicWall/Global Management System3 versions
cpe:2.3:a:sonicwall:global_management_system:7.2:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:sonicwall:global_management_system:7.2:*:*:*:*:*:*:*
- cpe:2.3:a:sonicwall:global_management_system:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:sonicwall:global_management_system:8.1:*:*:*:*:*:*:*
SonicWall/Uma Em5000 Firmware3 versions
cpe:2.3:o:sonicwall:uma_em5000_firmware:7.2:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:sonicwall:uma_em5000_firmware:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:sonicwall:uma_em5000_firmware:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:sonicwall:uma_em5000_firmware:8.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securitytracker.com/id/1035015nvdThird Party AdvisoryVDB Entry
www.zerodayinitiative.com/advisories/ZDI-16-163nvdThird Party Advisory
support.software.dell.com/product-notification/185943nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.004
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000