Description
An authentication bypass vulnerability in GoAnywhere MFT prior to 7.6.0 allows Admin Users with access to the Agent Console to circumvent some permission checks when attempting to visit other pages. This could lead to unauthorized information disclosure or modification.
CVSS Metrics
- Vector
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
- Attack Vector
- network
- Complexity
- low
- Privileges
- high
- User Action
- none
- Scope
- unchanged
- Confidentiality
- high
- Integrity
- high
- Availability
- none
- Weaknesses
- CWE-303CWE-287
Metadata
- Primary Vendor
- FORTRA
- Published
- 8/14/2024
- Last Modified
- 8/19/2024
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
fortra : goanywhere_managed_file_transfer
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.