CVSS: 10.0EPSS: 64%CPEs: 2EXPL: 6CVE-2024-0204 – Authentication Bypass in GoAnywhere MFT
https://notcve.org/view.php?id=CVE-2024-0204
22 Jan 2024 — Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal. La omisión de autenticación en GoAnywhere MFT de Fortra anterior a 7.4.1 permite a un usuario no autorizado crear un usuario administrador a través del portal de administración. • https://packetstorm.news/files/id/176683 • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 8.3EPSS: 97%CPEs: 1EXPL: 11CVE-2023-0669 – Fortra GoAnywhere MFT Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-0669
06 Feb 2023 — Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2. Goanywhere Encryption Helper version 7.1.1 suffers from a remote code execution vulnerability. Fortra (formerly, HelpSystems) GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the License Response Servlet due to deserializing an at... • https://packetstorm.news/files/id/171789 • CWE-502: Deserialization of Untrusted Data •