CVE-2023-0669

HighKnown ExploitedRansomware

Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response…

rapid7·CWE-502·Published 2023-02-06

CVSS

7.2

EPSS

1.00

KEV

Yes

Exploits

Vendor statements (1)

my.goanywhere.com

cve.orgen

246 chars

Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.

GHSAen

528 chars

## Withdrawn This advisory has been withdrawn because it was incorrectly associated with the metasploit-framework package, which is not affected by this CVE, and the actual vulnerable component does not fit within our supported ecosystems. This link is maintained to preserve external references. ## Original Description Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object.

NVDes

289 chars

Fortra (anteriormente HelpSystems) GoAnywhere MFT presenta una vulnerabilidad de inyección de comandos de preautenticación en el servlet de respuesta a licencias debido a la deserialización de un objeto arbitrario controlado por un atacante. Este problema se solucionó en la versión 7.1.2.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	7.2	—	—	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	7.2	—	—	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	NVD	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	GHSA	7.2	—	—	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H