Fortra® Security & Trust Center

Emerging Threats

FortiOS Out-of-Bounds Write Vulnerability

Fortra is actively researching an out-of-bounds write vulnerability in FortiOS. This vulnerability, CVE-2024-21762, may allow an unauthenticated remote attacker to execute arbitrary code or commands via specially crafted HTTP requests. Customers are advised to upgrade to a fixed version of FortiOS as soon as possible.

Emerging Threats

Jenkins Arbitrary Read Vulnerability

Fortra is researching a vulnerability in Jenkins’ built-in command line interface (CLI). This vulnerability, CVE-2024-23897, could allow an unauthenticated attacker with Overall/Read permission to read arbitrary files on the Jenkins controller file system. Customers are advised to update to Jenkins 2.442 or LTS 2.426.3.

Emerging Threats

Authentication Bypass Vulnerability in GoAnywhere MFT

Fortra is researching an authentication bypass vulnerability in GoAnywhere MFT (CVE-2024-0204). By exploiting this vulnerability, an unauthorized user can create an admin user via the administration portal. Customers are recommended to upgrade to GoAnywhere MFT 7.4.1 or higher. Who is affected? Customers using any version of GoAnywhere MFT before version 7.4.1 are vulnerable to CVE-2024-0204. What...

Emerging Threats

Confluence OGNL Injection Remote Code Execution Vulnerability

Fortra is researching a new template injection vulnerability in out-of-date versions of Confluence Data Center and Confluence Server. By exploiting this vulnerability (CVE-2023-22527), an unauthenticated attacker can achieve remote code execution. Customers are advised to update to a patched version of Confluence Data Center and Server as soon as possible to resolve this vulnerability.

Security Advisory

Authentication Bypass in GoAnywhere MFT

Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.