Description

GoAnywhere MFT has an authentication bypass vulnerability. An attacker can bypass the authentication with a specially crafted HTTP request, add a new administrator and get full access to the system.

Remediation

Upgrade to the latest version of GoAnywhere MFT

References

FI-2024-001 - Authentication Bypass in GoAnywhere MFT

CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Deep-Dive

Related Vulnerabilities

PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-21398)

Oracle Application Server CVE-2006-0284 Vulnerability (CVE-2006-0284)

MySQL CVE-2014-6469 Vulnerability (CVE-2014-6469)

Roundcube Resource Management Errors Vulnerability (CVE-2011-4078)

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2020-11113)

Severity

Critical

Classification

CVE-2024-0204 CWE-425 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Tags

Authentication Bypass Known Vulnerabilities