Products
GoAnywhere MFT
- before 7.6.0
Source
df4dee71-de3a-4139-9588-11b62fe6c0ff
Tags
CVE-2024-25157 details
Published : Aug. 14, 2024, 3:15 p.m.
Last Modified : Aug. 14, 2024, 5:49 p.m.
Last Modified : Aug. 14, 2024, 5:49 p.m.
Description
An authentication bypass vulnerability in GoAnywhere MFT prior to 7.6.0 allows Admin Users with access to the Agent Console to circumvent some permission checks when attempting to visit other pages. This could lead to unauthorized information disclosure or modification.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6.5 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-303 | Incorrect Implementation of Authentication Algorithm | The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
6.5
Exploitability Score
1.2
Impact Score
5.2
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
References
URL | Source |
---|---|
https://www.fortra.com/security/advisories/product-security/fi-2024-009 | df4dee71-de3a-4139-9588-11b62fe6c0ff |
This website uses the NVD API, but is not approved or certified by it.