Lucene search
+L

219 matches found

NVD
NVD
added 2023/02/06 8:15 p.m.27 views

CVE-2023-0669

Fortra formerly, HelpSystems GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2...

7.2CVSS7.4AI score0.99999EPSS
Exploits12References9
Prion
Prion
added 2023/02/06 8:15 p.m.38 views

Command injection

Fortra formerly, HelpSystems GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2...

5.8CVSS7.2AI score0.99999EPSS
Exploits12References8Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/06 7:16 p.m.19 views

CVE-2023-0669 Fortra GoAnywhere MFT License Response Servlet Command Injection

Fortra formerly, HelpSystems GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2...

7.3AI score0.99999EPSS
Exploits12References8
Cvelist
Cvelist
added 2023/02/06 7:16 p.m.41 views

CVE-2023-0669 Fortra GoAnywhere MFT License Response Servlet Command Injection

Fortra formerly, HelpSystems GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2...

7.2AI score0.99999EPSS
Exploits12References8
CVE
CVE
added 2023/02/06 7:16 p.m.1079 views

CVE-2023-0669

Fortra GoAnywhere MFT is affected by CVE-2023-0669, a pre-authentication deserialization vulnerability in the License Response Servlet that enables remote code execution by deserializing attacker-controlled objects. Exploitation and PoCs exist in public exploits/analyses; vendors patched the issu...

7.2CVSS7.4AI score0.99999EPSS
In wildExploits12References9Affected Software1
CNNVD
CNNVD
added 2023/02/06 12:0 a.m.6 views

HelpSystems GoAnywhere MFT 代码问题漏洞

HelpSystems GoAnywhere MFT is a hosted file transfer software from HelpSystems USA. A security vulnerability exists in HelpSystems GoAnywhere MFT that stems from incorrect authentication, which can lead to command injection...

7.2CVSS8.2AI score0.99999EPSS
Exploits12References13
ATTACKERKB
ATTACKERKB
added 2023/02/06 12:0 a.m.50 views

CVE-2023-0669

Fortra formerly, HelpSystems GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2. Recent assessments: rbowes-r7 at February 06, 2023...

7.2CVSS7.3AI score0.99999EPSS
In wildExploits12References11
The Hacker News
The Hacker News
added 2023/02/04 4:41 a.m.4 views

Warning: Hackers Actively Exploiting Zero-Day in Fortra's GoAnywhere MFT

A zero-day vulnerability affecting Fortra's GoAnywhere MFT managed file transfer application is being actively exploited in the wild. Details of the flaw were first publicly shared by security reporter Brian Krebs on Mastodon. No public advisory has been published by Fortra. The vulnerability is ...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/02/04 4:41 a.m.23 views

Warning: Hackers Actively Exploiting Zero-Day in Fortra's GoAnywhere MFT

A zero-day vulnerability affecting Fortra's GoAnywhere MFT managed file transfer application is being actively exploited in the wild. Details of the flaw were first publicly shared by security reporter Brian Krebs on Mastodon. No public advisory has been published by Fortra. The vulnerability is ...

1.4AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2023/02/03 4:18 p.m.66 views

Exploitation of GoAnywhere MFT zero-day vulnerability

Emergent threats evolve quickly. As we learn more about this vulnerability, we will update this blog post with relevant information about technical findings, product coverage, and other information that can assist you with assessment and mitigation. On Thursday, February 2, 2023, security reporte...

0.8AI score0.99999EPSS
Exploits12
Positive Technologies
Positive Technologies
added 2023/02/01 12:0 a.m.4 views

PT-2023-1431

Name of the Vulnerable Software and Affected Versions Fortra GoAnywhere MFT versions prior to 7.1.2 Description Fortra GoAnywhere MFT is susceptible to a pre-authentication command injection due to the deserialization of attacker-controlled objects within the License Response Servlet. The Clop...

7.2CVSS8.8AI score0.99999EPSS
Exploits12References70
OSV
OSV
added 2022/07/27 11:15 p.m.5 views

CVE-2021-46830

A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain access to files at a...

6.5CVSS5.8AI score0.00864EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/07/27 11:15 p.m.5 views

CVE-2021-46830

A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain access to files at a...

6.5CVSS6.6AI score0.00864EPSS
Exploits0References4
NVD
NVD
added 2022/07/27 11:15 p.m.18 views

CVE-2021-46830

A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain access to files at a...

6.5CVSS0.00864EPSS
Exploits0References3
Prion
Prion
added 2022/07/27 11:15 p.m.19 views

Path traversal

A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain access to files at a...

4CVSS6.5AI score0.00864EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2022/07/27 10:3 p.m.90 views

CVE-2021-46830

The CVE-2021-46830 issue affects HelpSystems GoAnywhere MFT, specifically the Web Client self-registration feature. A path traversal vulnerability exists in GoAnywhere MFT versions prior to 6.8.3, where an external user who self-registers with a crafted username and/or profile information could a...

6.5CVSS6.4AI score0.00864EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/07/27 10:3 p.m.24 views

CVE-2021-46830

A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain access to files at a...

6.7AI score0.00864EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/07/27 12:0 a.m.8 views

PT-2022-12936 · Unknown · Goanywhere Mft

Name of the Vulnerable Software and Affected Versions: GoAnywhere MFT versions prior to 6.8.3 Description: A path traversal issue exists that could allow an external user who self-registers with specific username and/or profile information to access files at a higher directory level than intended...

6.5CVSS6.4AI score0.00864EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/07/27 12:0 a.m.6 views

HelpSystems GoAnywhere MFT 路径遍历漏洞

HelpSystems GoAnywhere MFT is a hosted file transfer software from HelpSystems USA. A path traversal vulnerability exists in HelpSystems GoAnywhere MFT prior to version 6.8.3, which originates from allowing an external user who self-registers with a specific username or profile information to gai...

6.5CVSS6.5AI score0.00864EPSS
Exploits0References4
Rows per page
Query Builder