Lucene search

K

Goanywhere MFT Security Vulnerabilities

cve
cve

CVE-2024-25156

A path traversal vulnerability exists in GoAnywhere MFT prior to 7.4.2 which allows attackers to circumvent endpoint-specific permission checks in the GoAnywhere Admin and Web...

6.5CVSS

6.7AI Score

0.0004EPSS

2024-03-14 02:15 PM
33
cve
cve

CVE-2024-0204

Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration...

9.8CVSS

9.2AI Score

0.501EPSS

2024-01-22 06:15 PM
76
cve
cve

CVE-2023-0669

Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version...

7.2CVSS

7.2AI Score

0.969EPSS

2023-02-06 08:15 PM
699
In Wild
2
cve
cve

CVE-2021-46830

A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain access to files at a...

6.5CVSS

6.4AI Score

0.001EPSS

2022-07-27 11:15 PM
46
3