vulnerability
Fortra GoAnywhere MFT: CVE-2024-0204: Direct Request
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Jan 22, 2024 | Aug 19, 2025 | Aug 19, 2025 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Jan 22, 2024
Added
Aug 19, 2025
Modified
Aug 19, 2025
Description
Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.
Solution
fortra-goanywhere-mft-upgrade-latest
References
- CWE-425
- CVE-2024-0204
- https://attackerkb.com/topics/CVE-2024-0204
- URL-http://packetstormsecurity.com/files/176683/GoAnywhere-MFT-Authentication-Bypass.html
- URL-http://packetstormsecurity.com/files/176974/Fortra-GoAnywhere-MFT-Unauthenticated-Remote-Code-Execution.html
- URL-https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml
- URL-https://www.fortra.com/security/advisory/fi-2024-001
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.