According to its self-reported version, the instance of Fortra GoAnywhere Managed File Transfer (MFT) running on the remote web server is < 7.4.1. It is, therefore, affected by an authentication bypass vulnerability. This can allow an unauthenticated attacker to create an admin user via the administration portal.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
Binary data fortra_goanywhere_mft_CVE-2024-0204.nbin
Vendor | Product | Version | CPE |
---|---|---|---|
helpsystems | goanywhere_managed_file_transfer | cpe:/a:helpsystems:goanywhere_managed_file_transfer |