CVE-2023-0669

high

Description

Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.

References

http://packetstormsecurity.com/files/171789/Goanywhere-Encryption-Helper-7.1.1-Remote-Code-Execution.html

https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html

https://github.com/rapid7/metasploit-framework/pull/17607

Details

Source: Mitre, NVD

Published: 2023-02-06

CVSS v3

Base Score: 7.2

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: High

Detections

Analytics