Описание
An Improper Access Control in the SFTP service in Fortra's GoAnywhere MFT prior to version 7.9.0 allows Web Users with an Authentication Alias and a valid SSH key but limited to Password authentication for SFTP to still login using their SSH key.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 7.9.0 (исключая)
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:*
EPSS
Процентиль: 13%
0.00043
Низкий
4.2 Medium
CVSS3
Дефекты
CWE-732
Связанные уязвимости
CVSS3: 4.2
github
2 месяца назад
An Improper Access Control in the SFTP service in Fortra's GoAnywhere MFT prior to version 7.9.0 allows Web Users with an Authentication Alias and a valid SSH key but limited to Password authentication for SFTP to still login using their SSH key.
EPSS
Процентиль: 13%
0.00043
Низкий
4.2 Medium
CVSS3
Дефекты
CWE-732