First published: Thu Jul 13 2023(Updated: )
Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
Credit: PSIRT@sonicwall.com PSIRT@sonicwall.com
Affected Software | Affected Version | How to fix |
---|---|---|
SonicWall Analytics | <=2.5.0.4-r7 | |
SonicWALL Global Management System | <9.3.2 | |
SonicWALL Global Management System | =9.3.2 | |
SonicWALL Global Management System | =9.3.2-sp1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2023-34128.
The severity level of CVE-2023-34128 is critical.
Vulnerability CVE-2023-34128 allows unauthorized users to access Tomcat application credentials in SonicWall GMS and Analytics, potentially leading to unauthorized access to the system.
SonicWall GMS versions 9.3.2-SP1 and earlier are affected by vulnerability CVE-2023-34128.
SonicWall Analytics versions 2.5.0.4-R7 and earlier are affected by vulnerability CVE-2023-34128.
Yes, SonicWall has released patches to address vulnerability CVE-2023-34128. It is recommended to update to the latest version of GMS and Analytics.
More information about vulnerability CVE-2023-34128 can be found on the SonicWall PSIRT website and the SonicWall support notices page.