CVE-2024-25157

EPSS 0.13%
Veröffentlicht 14.08.2024 15:15:18
Zuletzt bearbeitet 19.08.2024 18:57:58
Quelle df4dee71-de3a-4139-9588-11b62f
CVE-Watchlists
Login
Unerledigt
Login

An authentication bypass vulnerability in GoAnywhere MFT prior to 7.6.0 allows Admin Users with access to the Agent Console to circumvent some permission checks when attempting to visit other pages. This could lead to unauthorized information disclosure or modification.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fortra ≫ Goanywhere Managed File Transfer Version < 7.6.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.324

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	1.2	5.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
df4dee71-de3a-4139-9588-11b62fe6c0ff	6.5	1.2	5.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-303 Incorrect Implementation of Authentication Algorithm

The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.

https://www.fortra.com/security/advisories/product-security/fi-2024-009

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-25157

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-25157

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-25157

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-25157