Lucene search

K
osvGoogleOSV:GHSA-6PM2-J2V8-H3CJ
HistoryFeb 06, 2023 - 9:30 p.m.

Fortra GoAnywhere MFT Deserialization of Untrusted Data vulnerability affects metasploit-framework

2023-02-0621:30:29
Google
osv.dev
21
fortra goanywhere mft
license response servlet
command injection
pre-authentication
deserialization
vulnerability

EPSS

0.969

Percentile

99.7%

Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object.

CPENameOperatorVersion
metasploit-frameworkeq6.0.33