Unauthorized Information Disclosure or Modification Vulnerability in GoAnywhere MFT Prior to 7.6.0

CVE-2024-25157

6.5MEDIUM

Key Information

Vendor
Fortra
Status
Goanywhere Mft
Vendor
CVE Published:
14 August 2024

Summary

An authentication bypass vulnerability in GoAnywhere MFT prior to 7.6.0 allows Admin Users with access to the Agent Console to circumvent some permission checks when attempting to visit other pages. This could lead to unauthorized information disclosure or modification.

Affected Version(s)

GoAnywhere MFT <= 6.0.1

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.