PT-2024-20789 · Unknown · Goanywhere Mft

Islam Elrfai

+2

·

Published

2024-03-14

·

Updated

2024-03-14

·

CVE-2024-25156

Report an issue
CVSS v3.1
6.5
VectorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions:

GoAnywhere MFT versions prior to 7.4.2

Description:

A path traversal issue exists, allowing attackers to circumvent endpoint-specific permission checks in the GoAnywhere Admin and Web Clients.

Recommendations:

For versions prior to 7.4.2, update to version 7.4.2 or later to resolve the issue.

Fix

Path traversal

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2024-25156

Affected Products

Goanywhere Mft