Limited Information Disclosure in GoAnywhere MFT Prior to 7.7.0

FI-2024-014 - Limited Information Disclosure in GoAnywhere MFT Prior to 7.7.0

Severity
Medium
Published Date
13-Dec-2024
Updated Date
13-Dec-2024
Vulnerabilities
CVE-2024-9945
 
Notes
Description

An information-disclosure vulnerability exists in Fortra's GoAnywhere MFT application prior to version 7.7.0 that allows external access to the resources in certain admin root folders.  

NOTE: By default, these folders don't typically contain any sensitive data.

 

Vulnerabilities

 
Limited Information Disclosure in GoAnywhere MFT Prior to 7.7.0
Severity
Medium
CVE
CVE-2024-9945
CWE
CWE-200:Exposure of Sensitive Information to an Unauthorized Actor
Discovery Date
17-Nov-2023
CSSv3.1
5.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
Affected Products
GoAnywhere Prior to 7.7.0
Vulnerability Notes
Remediation: Vendor Fix

Upgrade to version 7.7.0 or higher.

 
References
 

References

 

Acknowledgements

Fortra would like to thank the following individuals:

  • xiao xiong
Stay Current, Stay Safe

Get Fortra product security advisories delivered to your inbox.