Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/176683/GoAnywhere-MFT-Authentication-Bypass.html | Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/176974/Fortra-GoAnywhere-MFT-Unauthenticated-Remote-Code-Execution.html | |
https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml | Permissions Required |
https://www.fortra.com/security/advisory/fi-2024-001 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Fortra
Published: 2024-01-22T18:05:13.194Z
Updated: 2024-01-22T18:05:13.194Z
Reserved: 2024-01-03T00:12:28.436Z
Link: CVE-2024-0204
JSON object: View
NVD Information
Status : Modified
Published: 2024-01-22T18:15:20.137
Modified: 2024-02-02T17:15:11.167
Link: CVE-2024-0204
JSON object: View
Redhat Information
No data.
CWE