Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSonicwall Analytics
APPSonicwall≤ 2.5.0.4-r7Sonicwall Global Management System
APPSonicwall9.3.2< 9.3.2
Related vulnerabilities
Vulnerability in SonicWall GMS and Analytics allows unauthenticated attacker to upload files to a restricted l...
The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing aut...
SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensi...
Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allow...
SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper c...