Pre-Authentication Command Injection Vulnerability in Fortra GoAnywhere MFT License Response Servlet

Pre-Authentication Command Injection Vulnerability in Fortra GoAnywhere MFT License Response Servlet

CVE-2023-0669 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.

Learn more about our Web Application Penetration Testing UK.