Description
Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.
References
- Exploit, Third Party Advisory, VDB Entry
- Exploit, Third Party Advisory
- Broken Link, Third Party Advisory
- Exploit, Third Party Advisory
- Patch
- Mitigation, Third Party Advisory
- Product
- Mitigation, Third Party Advisory
- US Government Resource
Vulnerable configurations
Configuration 1: versions before 7.1.2 (exclusive)
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:*
EPSS
Percentile: 100%
0.94378
Critical
7.2 High
CVSS3
Weaknesses
CWE-502
Related vulnerabilities
CVSS3: 7.2
github
about 3 years ago
Withdrawn: Fortra GoAnywhere MFT Deserialization of Untrusted Data vulnerability affects metasploit-framework
CVSS3: 6.3
fstec
about 3 years ago
Vulnerability in the Fortra (HelpSystems) GoAnywhere MFT secure file transfer application, related to deserialization of untrusted data, that allows an attacker to execute arbitrary code