Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/176683/GoAnywhere-MFT-Authentication-Bypass.html | Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/176974/Fortra-GoAnywhere-MFT-Unauthenticated-Remote-Code-Execution.html | |
https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml | Permissions Required |
https://www.fortra.com/security/advisory/fi-2024-001 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
29 Jan 2024, 19:36
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CWE | CWE-425 | |
CPE | cpe:2.3:a:fortra:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:* cpe:2.3:a:fortra:goanywhere_managed_file_transfer:6.0.0:*:*:*:*:*:*:* |
|
References | () https://www.fortra.com/security/advisory/fi-2024-001 - Vendor Advisory | |
References | () https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml - Permissions Required | |
References | () http://packetstormsecurity.com/files/176683/GoAnywhere-MFT-Authentication-Bypass.html - Third Party Advisory, VDB Entry |
24 Jan 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Jan 2024, 19:10
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-22 18:15
Updated : 2024-02-02 17:15
NVD link : CVE-2024-0204
Mitre link : CVE-2024-0204
CVE.ORG link : CVE-2024-0204
JSON object : View
Products Affected
fortra
- goanywhere_managed_file_transfer
CWE
CWE-425
Direct Request ('Forced Browsing')