Fortra.GoAnywhere.MFT.LicenseResponseServlet.Command.Injection

description-logoDescription

This indicates an attack attempt to exploit a Command Injection vulnerability in GoAnywhere MFT.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application. An unauthenticated remote attacker may be able to exploit this to execute arbitrary commands within the context of the application.

description-logoOutbreak Alert

Fortra (formerly, knowns as HelpSystems) GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the License Response Servlet.

View the full Outbreak Alert Report

affected-products-logoAffected Products

GoAnywhere MFT v7.1.1 and prior

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Refer to the vendor's advisory for updates.
https://hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/GoAnywhere/GAMFT.htm

Version Updates

Date Version Detail
2023-05-16 0.00348

CVE References

CVE-2023-0669