cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-25157,https://securityvulnerability.io/vulnerability/CVE-2024-25157,Unauthorized Information Disclosure or Modification Vulnerability in GoAnywhere MFT Prior to 7.6.0,An authentication bypass vulnerability in GoAnywhere MFT prior to 7.6.0 allows Admin Users with access to the Agent Console to circumvent some permission checks when attempting to visit other pages. This could lead to unauthorized information disclosure or modification.,Fortra,Goanywhere Mft,6.5,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-08-14T15:04:10.987Z,0
CVE-2024-25156,https://securityvulnerability.io/vulnerability/CVE-2024-25156,Path Traversal Vulnerability in GoAnywhere MFT,"
A path traversal vulnerability exists in GoAnywhere MFT prior to 7.4.2 which allows attackers to circumvent endpoint-specific permission checks in the GoAnywhere Admin and Web Clients.

",Fortra,Goanywhere Mft,6.5,MEDIUM,0.00046999999904073775,false,,false,false,false,,,false,false,,2024-03-14T14:06:01.498Z,0
CVE-2024-0204,https://securityvulnerability.io/vulnerability/CVE-2024-0204,Unauthorized Access to Admin User Accounts via Administration Portal,"An authentication bypass vulnerability exists in Fortra's GoAnywhere MFT prior to version 7.4.1. This flaw allows unauthorized individuals to exploit the administration portal, enabling them to create admin user accounts without proper credentials. The lack of adequate authentication mechanisms exposes organizations to severe security risks, including unauthorized access to sensitive data and control over the application. Users and administrators are urged to upgrade to the latest version to mitigate potential threats.",Fortra,GoAnywhere MFT,9.8,CRITICAL,0.704010009765625,false,,true,false,true,2024-01-23T10:41:20.000Z,true,true,false,,2024-01-22T18:05:13.194Z,12251
CVE-2023-0669,https://securityvulnerability.io/vulnerability/CVE-2023-0669,GoAnywhere MFT suffers from pre-authentication command injection vulnerability,"Fortra's GoAnywhere MFT is exposed to a command injection vulnerability in the License Response Servlet, allowing attackers to manipulate the server by deserializing a malicious object. This vulnerability can occur before authentication, presenting a significant risk. The issue has been addressed in version 7.1.2, and it is crucial for users to update to this version to safeguard their systems from potential exploitation.",Fortra,Goanywhere Mft,7.2,HIGH,0.9700300097465515,true,2023-02-10T00:00:00.000Z,true,true,true,2023-02-10T00:00:00.000Z,true,false,false,,2023-02-06T20:15:00.000Z,0