CVE-2024-9945:
GoAnywhere MFT Análisis y mitigación de vulnerabilidades
Vista general
An information-disclosure vulnerability exists in Fortra's GoAnywhere MFT application prior to version 7.7.0 that allows external access to the resources in certain admin root folders. The vulnerability was discovered on November 17, 2023, and was publicly disclosed on December 13, 2024 (Fortra Advisory, NVD).
Técnicas
The vulnerability has been assigned a CVSS v3.1 base score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. It is categorized under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) and CWE-425 (Direct Request - 'Forced Browsing'). By default, the affected admin root folders typically don't contain sensitive data (Fortra Advisory).
Impacto
The vulnerability allows external access to resources in certain admin root folders of the GoAnywhere MFT application, potentially leading to information disclosure. However, the impact is considered moderate as the affected folders typically don't contain sensitive data by default (Fortra Advisory).
Mitigación y soluciones alternativas
Users are advised to upgrade to GoAnywhere MFT version 7.7.0 or higher to remediate this vulnerability (Fortra Advisory).
Recursos adicionales
Fuente: Este informe se generó utilizando IA
Relacionado GoAnywhere MFT Vulnerabilidades:
Evaluación gratuita de vulnerabilidades
Compare su postura de seguridad en la nube
Evalúe sus prácticas de seguridad en la nube en 9 dominios de seguridad para comparar su nivel de riesgo e identificar brechas en sus defensas.
Recursos adicionales de Wiz
Obtén una demostración personalizada
¿Listo para ver a Wiz en acción?
"La mejor experiencia de usuario que he visto en mi vida, proporciona una visibilidad completa de las cargas de trabajo en la nube."
"Wiz proporciona un panel único para ver lo que ocurre en nuestros entornos en la nube."
"Sabemos que si Wiz identifica algo como crítico, en realidad lo es."