Lucene search
Df4dee71-de3a-4139-9588-11b62fe6c0ffNVD:CVE-2024-25157HistoryAug 14, 2024 - 3:15 p.m.
CVE-2024-25157
2024-08-1415:15:18
CWE-303
CWE-287
df4dee71-de3a-4139-9588-11b62fe6c0ff
web.nvd.nist.gov
1
authentication bypass
goanywhere mft
admin users
permission checks
unauthorized information disclosure
modification
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
EPSS
0.001
Percentile
20.1%
An authentication bypass vulnerability in GoAnywhere MFT prior to 7.6.0 allows Admin Users with access to the Agent Console to circumvent some permission checks when attempting to visit other pages. This could lead to unauthorized information disclosure or modification.
Affected configurations
Node
fortragoanywhere_managed_file_transferRange<7.6.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fortra | goanywhere_managed_file_transfer | * | cpe:2.3:a:fortra:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:* |
Related
cve
cve
CVE-2024-25157
2024-08-14 15:15:18
vulnrichment
vulnrichment
CVE-2024-25157 Authentication bypass in GoAnywhere MFT prior to 7.6.0
2024-08-14 15:04:10
cvelist
cvelist
CVE-2024-25157 Authentication bypass in GoAnywhere MFT prior to 7.6.0
2024-08-14 15:04:10
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
EPSS
0.001
Percentile
20.1%
Related for NVD:CVE-2024-25157