Fortra® Security & Trust Center

Blog

VERT Threat Alert: January 2025 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s January 2025 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1139 as soon as coverage is completed. In-The-Wild & Disclosed CVEs. CVE-2025-21333: The first of three Hyper-V vulnerabilities this month is a heap-based buffer overflow that leads to privilege escalation to SYSTEM. Microsoft has reported this...
Emerging Threats

Ivanti Unauthenticated Remote Code Execution

Fortra is actively researching vulnerabilities in Ivanti Connect Secure, Policy Secure, and ZTA Gateways – CVE-2025-0282 and CVE-2025-0283. Successful exploitation of CVE-2025-0282 could lead to unauthenticated remote code execution, while CVE-2025-0283 could allow a local authenticated attacker to escalate privileges. Ivanti has begun to release patches for these vulnerabilities, and customers should upgrade as soon as relevant patches are released.
Security Advisory

Session Cookie Set Without 'Secure' Attribute in PowerHA Web Interface

PowerHA does not set the Secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this link on a site the user visits. The browser will send the cookie over the insecure link, and the attacker can then obtain the cookie value by snooping the traffic.
Emerging Threats

PAN-OS Firewall Denial of Service Vulnerability

Fortra is actively researching a vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software – CVE-2024-3393. This vulnerability could allow an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode. Palo Alto has released fixes for this vulnerability, and customers are encouraged to update to a fixed version as soon as possible.
Emerging Threats

Apache Tomcat Remote Code Execution Vulnerability

Fortra is actively researching critical vulnerabilities in Apache Tomcat – CVE-2024-50379 and CVE-2024-56337. An incomplete patch of CVE-2024-50379 could result in code execution on case-insensitive file systems when the default servlet is enabled for write. Users are recommended to update Tomcat installations to the latest secure version to fully mitigate these vulnerabilities.
Blog

Riskiest Social Media Platforms, Q4 2024

Every quarter, Fortra analyzes thousands of social media incidents to identify the top threats and trends plaguing organizations, their brands, and employees. Social media is a highly attractive environment to cyber attackers due to the large user base, constant flow of information, and the shift of younger generations relying more on social platforms for information instead of web searches. This...
Emerging Threats

Apache Struts 2 Vulnerability

Fortra is actively researching a vulnerability affecting Apache Struts 2 – CVE-2024-53677. By exploiting this vulnerability, a malicious actor can manipulate file upload parameters to enable path traversal. Under some circumstances, this can lead to uploading a malicious file which can be used to perform remote code execution. Software patches have been released to address this vulnerability, and customers should upgrade as soon as possible.
Security Advisory

Limited Information Disclosure in GoAnywhere MFT Prior to 7.7.0

An information-disclosure vulnerability exists in Fortra's GoAnywhere MFT application prior to version 7.7.0 that allows external access to the resources in certain admin root folders. NOTE: By default, these folders don't typically contain any sensitive data.
Emerging Threats

Cleo Unrestricted File Upload & Download Vulnerability

Fortra is actively researching a new vulnerability in three products from Cleo – Cleo Harmony, Cleo VLTrader, and Cleo LexiCom. This vulnerability, CVE-2024-50623, can allow unrestricted file upload and download, which can lead to remote code execution. Active exploitation of the vulnerability has been reported. Cleo has released patches to address this vulnerability, and affected customers are strongly advised to update their instances as soon as possible.