CVE-2024-9945 — Sensitive Information Exposure in Goanywhere MFT

CWE-200 — Sensitive Information Exposure CWE-425 — Forced Browsing CWE-552 — Files or Directories Accessible to External Parties2 documents2 sources

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 62.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortra Goanywhere MFT

Timeline

PublishedDec 13

Description

An information-disclosure vulnerability exists in Fortra's GoAnywhere MFT application prior to version 7.7.0 that allows external access to the resources in certain admin root folders.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

▶CVEListV5fortra/goanywhere_mft< 7.7.0

🔴Vulnerability Details

GHSA

GHSA-c9p4-fh3x-2qfc: An information-disclosure vulnerability exists in Fortra's GoAnywhere MFT application prior to version 7↗2024-12-13

▶