Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2024-25157
PUBLISHED
More InfoOfficial Page
Assigner-Fortra
Assigner Org ID-df4dee71-de3a-4139-9588-11b62fe6c0ff
View Known Exploited Vulnerability (KEV) details
Published At-14 Aug, 2024 | 15:04
Updated At-29 Aug, 2024 | 03:55
Rejected At-
▼CVE Numbering Authority (CNA)
Authentication bypass in GoAnywhere MFT prior to 7.6.0

An authentication bypass vulnerability in GoAnywhere MFT prior to 7.6.0 allows Admin Users with access to the Agent Console to circumvent some permission checks when attempting to visit other pages. This could lead to unauthorized information disclosure or modification.

Affected Products
Vendor
Fortra LLCFortra
Product
GoAnywhere MFT
Default Status
affected
Versions
Affected
  • From 6.0.1 before 7.6.0 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-303CWE-303: Incorrect Implementation of Authentication Algorithm
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-114CAPEC-114 Authentication Abuse
Solutions

Upgrade to GoAnywhere MFT 7.6.0

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.fortra.com/security/advisories/product-security/fi-2024-009
N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
Fortra LLCfortra
Product
goanywhere_managed_file_transfer
CPEs
  • cpe:2.3:a:fortra:goanywhere_managed_file_transfer:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 6.0.1 before 7.6.0 (semver)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found