Description
A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Fortra / GoAnywhere MFT0 β 7.8.3
Exploits & PoCs
- nucleiGoAnywhere - Authentication Bypassby DhiyaneshDk,watchtowr