CVE-2024-0204

Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fortra:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:*
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:6.0.0:*:*:*:*:*:*:*

History

02 Feb 2024, 17:15

Type Values Removed Values Added
References
  • () http://packetstormsecurity.com/files/176974/Fortra-GoAnywhere-MFT-Unauthenticated-Remote-Code-Execution.html -

29 Jan 2024, 19:36

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
First Time Fortra goanywhere Managed File Transfer
Fortra
CWE CWE-425
CPE cpe:2.3:a:fortra:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:*
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:6.0.0:*:*:*:*:*:*:*
References () https://www.fortra.com/security/advisory/fi-2024-001 - () https://www.fortra.com/security/advisory/fi-2024-001 - Vendor Advisory
References () https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml - () https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml - Permissions Required
References () http://packetstormsecurity.com/files/176683/GoAnywhere-MFT-Authentication-Bypass.html - () http://packetstormsecurity.com/files/176683/GoAnywhere-MFT-Authentication-Bypass.html - Third Party Advisory, VDB Entry

24 Jan 2024, 16:15

Type Values Removed Values Added
References
  • () http://packetstormsecurity.com/files/176683/GoAnywhere-MFT-Authentication-Bypass.html -

22 Jan 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-22 18:15

Updated : 2024-02-28 20:54


NVD link : CVE-2024-0204

Mitre link : CVE-2024-0204

CVE.ORG link : CVE-2024-0204


JSON object : View

Products Affected

fortra

  • goanywhere_managed_file_transfer
CWE
CWE-425

Direct Request ('Forced Browsing')