NotCVE - vendor:"Fortra" product:"Goanywhere Managed File Transfer" version:" >= 7.0.0

2 results (0.013 seconds)

CVSS: 9.8EPSS: 54%CPEs: 2EXPL: 4

CVE-2024-0204 – Authentication Bypass in GoAnywhere MFT

https://notcve.org/view.php?id=CVE-2024-0204

Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal. La omisión de autenticación en GoAnywhere MFT de Fortra anterior a 7.4.1 permite a un usuario no autorizado crear un usuario administrador a través del portal de administración. • https://github.com/horizon3ai/CVE-2024-0204 https://github.com/m-cetin/CVE-2024-0204 https://github.com/cbeek-r7/CVE-2024-0204 https://github.com/adminlove520/CVE-2024-0204 http://packetstormsecurity.com/files/176683/GoAnywhere-MFT-Authentication-Bypass.html http://packetstormsecurity.com/files/176974/Fortra-GoAnywhere-MFT-Unauthenticated-Remote-Code-Execution.html https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml https://www.fortra.com/security/advisory/fi-2024-001 https://www.horizon3& • CWE-425: Direct Request ('Forced Browsing') •

CVSS: 7.2EPSS: 97%CPEs: 1EXPL: 9

CVE-2023-0669 – Fortra GoAnywhere MFT Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2023-0669

Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2. Goanywhere Encryption Helper version 7.1.1 suffers from a remote code execution vulnerability. Fortra (formerly, HelpSystems) GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the License Response Servlet due to deserializing an attacker-controlled object. • https://www.exploit-db.com/exploits/51339 https://github.com/Avento/CVE-2023-0669 https://github.com/0xf4n9x/CVE-2023-0669 https://github.com/yosef0x01/CVE-2023-0669-Analysis https://github.com/cataliniovita/CVE-2023-0669 http://packetstormsecurity.com/files/171789/Goanywhere-Encryption-Helper-7.1.1-Remote-Code-Execution.html https://attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft https:/ • CWE-502: Deserialization of Untrusted Data •