ГлавнаяУязвимости → CVE-2024-0204
9.8критическая

CVE-2024-0204

Описание

Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.

Затрагиваемое ПО
Fortra Goanywhere managed file transfer
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
http://packetstormsecurity.com/files/176683/GoAnywhere-MFT-Authentication-Bypass.htmlhttp://packetstormsecurity.com/files/176974/Fortra-GoAnywhere-MFT-Unauthenticated-Remote-Code-Execution.htmlhttps://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtmlhttps://www.fortra.com/security/advisory/fi-2024-001http://packetstormsecurity.com/files/176683/GoAnywhere-MFT-Authentication-Bypass.htmlhttp://packetstormsecurity.com/files/176974/Fortra-GoAnywhere-MFT-Unauthenticated-Remote-Code-Execution.htmlhttps://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtmlhttps://www.fortra.com/security/advisory/fi-2024-001