The message below went out to our mailing list this morning regarding CVE-2023-48795 and SFTP Gateway.
We are contacting you about a security matter affecting all SFTP implementations, including SFTP Gateway and OpenSSH. Labeled CVE-2023-48795 in the National Vulnerability Database, this impacts much more than SFTP Gateway and requires your immediate attention.
To protect your SFTP Gateway instance, we strongly recommend executing our in-place upgrade script to update to version SFTP Gateway 3.4.6, as outlined by cloud platform in our Knowledge Base (KB) at the links below. The information can help anyone using SSH, not only those using SFTP Gateway.
CVE-2023-48795 and SFTP Gateway – Knowledge Base Links
Please be aware that this security update is crucial for protecting your data. Feel free to contact our support team for more help or clarification. Our Founder and CEO, Jeff Thorn, posted about this issue on LinkedIn and Twitter today.
We will continue monitoring this situation and update you if further action is required beyond the steps outlined above.
Thank you for your commitment to maintaining a secure SFTP Gateway environment. We appreciate your business and the trust you place in us.
The Thorn Tech Team