CVE-2024-0204

CVSS V2 None CVSS V3 None

Description

Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.

Overview

CVE ID
CVE-2024-0204

Assigner
Fortra

Vulnerability Status
PUBLISHED

Published Version
2024-01-22T18:05:13.194Z

Last Modified Date
2024-01-22T18:05:13.194Z

Weakness Enumerations

CWE	URL
CWE-425	http://cwe.mitre.org/data/definitions/425.html

References

Reference URL	Reference Tags
https://www.fortra.com/security/advisory/fi-2024-001	vendor-advisory
https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml	permissions-required
http://packetstormsecurity.com/files/176683/GoAnywhere-MFT-Authentication-Bypass.html
http://packetstormsecurity.com/files/176974/Fortra-GoAnywhere-MFT-Unauthenticated-Remote-Code-Execution.html

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-0204
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0204

History

Created	Old Value	New Value	Data Type	Notes
2024-06-26 09:50:45				Added to TrackCVE