Fortra warns of new critical GoAnywhere MFT auth bypass, patch now
Posted: Tue Jan 23, 2024 4:00 pm
Fortra is warning of a new authentication bypass vulnerability impacting GoAnywhere MFT (Managed File Transfer) versions before 7.4.1 that allows an attacker to create a new admin user.
GoAnywhere MFT is used by organizations worldwide to secure transfer files with customers and business partners. It supports secure encryption protocols, automation, centralized control, and various logging and reporting tools that aid in legal compliance and auditing.
The newly disclosed flaw is tracked as CVE-2024-0204 and is rated critical with a CVSS v3.1 score of 9.8 as it is remotely exploitable, allowing an unauthorized user to create admin users via the product’s administration portal.
[...]
Fortra warns of new critical GoAnywhere MFT auth bypass, patch now
GoAnywhere MFT is used by organizations worldwide to secure transfer files with customers and business partners. It supports secure encryption protocols, automation, centralized control, and various logging and reporting tools that aid in legal compliance and auditing.
The newly disclosed flaw is tracked as CVE-2024-0204 and is rated critical with a CVSS v3.1 score of 9.8 as it is remotely exploitable, allowing an unauthorized user to create admin users via the product’s administration portal.
[...]
Fortra warns of new critical GoAnywhere MFT auth bypass, patch now