Authentication bypass in GoAnywhere MFT prior to 7.6.0

FI-2024-009 - Authentication bypass in GoAnywhere MFT prior to 7.6.0

Severity: Medium
Published Date: 14-Aug-2024
Updated Date: 14-Aug-2024
Vulnerabilities: CVE-2024-25157
 
Notes
Description

An authentication bypass vulnerability in GoAnywhere MFT prior to 7.6.0 allows Admin Users with access to the Agent Console to circumvent some permission checks when attempting to visit other pages. This could lead to unauthorized information disclosure or modification.

 

Vulnerabilities

 
Authentication bypass in GoAnywhere MFT prior to 7.6.0
Severity: Medium
CVE: CVE-2024-25157
CWE: CWE-303: Incorrect Implementation of Authentication Algorithm
Discovery Date: 20-Feb-2024
CVSSv3.1: 6.5 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)
Affected Products: GoAnywhere MFT Prior to 7.6.0
Vulnerability Notes
Remediation: Vendor Fix

Upgrade to GoAnywhere 7.6.0 or higher to remediate this issue.
