Fortra is warning of a new authentication bypass vulnerability impacting GoAnywhere MFT (Managed File Transfer) versions before 7.4.1 that allows an attacker to create a new admin user.
GoAnywhere MFT is used by organizations worldwide to secure transfer files with customers and business partners. It supports secure encryption protocols, automation, centralized control, and various logging and reporting tools that aid in legal compliance and auditing.
The newly disclosed flaw is tracked as CVE-2024-0204 and is rated critical with a CVSS v3.1 score of 9.8 as it is remotely exploitable, allowing an unauthorized user to create admin users via the product’s administration portal.
[...]
Fortra warns of new critical GoAnywhere MFT auth bypass, patch now
Fortra warns of new critical GoAnywhere MFT auth bypass, patch now
-
rbc
- President
- Posts: 273
- Joined: Mon Oct 30, 2023 1:32 am
- Location: Vicksburg, MS
- ISC2 Member Status: Yes
- Contact:
Fortra warns of new critical GoAnywhere MFT auth bypass, patch now
Robert B. Carleton + ISC2 Central Mississippi President