VYPR

Email Security Virtual Appliance

by SonicWall

CVEs (6)

  • CVE-2025-40604CriNov 20, 2025
    risk 0.64cvss 9.8epss 0.00

    Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution.

  • CVE-2019-7489CriDec 23, 2019
    risk 0.64cvss 9.8epss 0.05

    A vulnerability in SonicWall Email Security appliance allow an unauthenticated user to perform remote code execution. This vulnerability affected Email Security Appliance version 10.0.2 and earlier.

  • CVE-2019-7488CriDec 23, 2019
    risk 0.64cvss 9.8epss 0.02

    Weak default password cause vulnerability in SonicWall Email Security appliance which leads to attacker gain access to appliance database. This vulnerability affected Email Security Appliance version 10.0.2 and earlier.

  • CVE-2021-20025HigMay 13, 2021
    risk 0.51cvss 7.8epss 0.00

    SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password that is used at initial setup. An attacker could exploit this transitional/temporary user account from the trusted domain to access the Virtual Appliance…

  • CVE-2025-40605MedNov 20, 2025
    risk 0.34cvss 5.3epss 0.00

    A Path Traversal vulnerability has been identified in the Email Security appliance allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences (such as ../) and may access files and directories outside the intended restricted path.

  • CVE-2024-22398MedMar 14, 2024
    risk 0.32cvss 4.9epss 0.01

    An improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in SonicWall Email Security Appliance could allow a remote attacker with administrative privileges to conduct a directory traversal attack and delete arbitrary files from the appliance…