Fortra® Security & Trust Center

Security Advisory

Session Cookie Set Without 'Secure' Attribute in PowerHA Web Interface

PowerHA does not set the 'Secure' attribute on authorization tokens or session cookies. An attacker may be able to obtain the cookie values by sending an http:// link to a user or by planting such a link on a site the user visits. The cookie is sent with the request to the insecure link, and the attacker can then capture its value by snooping the traffic.

Emerging Threats

PAN-OS Firewall Denial of Service Vulnerability

Fortra is actively researching a vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software – CVE-2024-3393. This vulnerability could allow an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode. Palo Alto has released fixes for this vulnerability, and customers are encouraged to update to a fixed version as soon as possible.

Emerging Threats

Apache Tomcat Remote Code Execution Vulnerability

Fortra is actively researching critical vulnerabilities in Apache Tomcat – CVE-2024-50379 and CVE-2024-56337. An incomplete patch for CVE-2024-50379 could result in code execution on case-insensitive file systems when the default servlet is enabled for write. Users are advised to update Tomcat installations to the latest secure version to fully mitigate these vulnerabilities.

Blog

Riskiest Social Media Platforms, Q4 2024

Every quarter, Fortra analyzes thousands of social media incidents to identify the top threats and trends plaguing organizations, their brands, and employees. Social media is a highly attractive environment to cyber attackers due to the large user base, constant flow of information, and the shift of younger generations relying more on social platforms for information instead of web searches. This...

Emerging Threats

Apache Struts 2 Vulnerability

Fortra is actively researching a vulnerability affecting Apache Struts 2 – CVE-2024-53677. By exploiting this vulnerability, a malicious actor can manipulate file upload parameters to enable path traversal. Under some circumstances, this can lead to uploading a malicious file which can be used to perform remote code execution. Software patches have been released to address this vulnerability, and customers should upgrade as soon as possible.

Security Advisory

Limited Information Disclosure in GoAnywhere MFT Prior to 7.7.0

An information-disclosure vulnerability exists in Fortra's GoAnywhere MFT application prior to version 7.7.0 that allows external access to the resources in certain admin root folders. NOTE: By default, these folders don't typically contain any sensitive data.

Blog

Patch Tuesday Update December 2024

While not the smallest December Patch Tuesday we’ve ever had, there are only 72 CVEs this month, with only one that has been publicly disclosed and exploited and one that scores above a CVSS 9.0.

Emerging Threats

Cleo Unrestricted File Upload & Download Vulnerability

Fortra is actively researching a new vulnerability in three products from Cleo – Cleo Harmony, Cleo VLTrader, and Cleo LexiCom. This vulnerability, CVE-2024-50623, can allow unrestricted file upload and download, which can lead to remote code execution. Active exploitation of the vulnerability has been reported. Cleo has released patches to address this vulnerability, and affected customers are strongly advised to update their instances as soon as possible.

Emerging Threats

IdentityIQ Improper Access Control Vulnerability

Fortra is actively researching an improper access control vulnerability in SailPoint’s IdentityIQ – CVE-2024-10905. This vulnerability could allow unauthorized HTTP access to static content in the IdentityIQ application directory. SailPoint has released fixes for this vulnerability, which customers should apply as soon as possible.