9.8
CVE-2024-0204
- EPSS 95.09%
- Veröffentlicht 22.01.2024 18:15:20
- Zuletzt bearbeitet 21.11.2024 08:46:03
- Quelle df4dee71-de3a-4139-9588-11b62f
- CVE-Watchlists
- Unerledigt
LoginAuthentication Bypass in GoAnywhere MFT
Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fortra ≫ Goanywhere Managed File Transfer Version >= 7.0.0 < 7.4.1
Fortra ≫ Goanywhere Managed File Transfer Version6.0.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 95.09% | 0.999 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| df4dee71-de3a-4139-9588-11b62fe6c0ff | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-425 Direct Request ('Forced Browsing')
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.
https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml
http://packetstormsecurity.com/files/176683/GoAnywhere-MFT-Authentication-Bypass.html
http://packetstormsecurity.com/files/176974/Fortra-GoAnywhere-MFT-Unauthenticated-Remote-Code-Execution.html
https://www.fortra.com/security/advisory/fi-2024-001