managed file transfer vulnerabilities and exploits

(subscribe to this query)

NA

Authentication bypass in Fortra's GoAnywhere MFT before 7.4.1 allows an unauthorized user to create an admin user via the administration portal.

Fortra Goanywhere Managed File Transfer 6.0.0 Fortra Goanywhere Managed File Transfer

3 Github repositories1 Article

NA

IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: 238206.

Ibm Mq 8.0.0.0 Ibm Mq 9.0.0.0 Ibm Mq 9.1.0 Ibm Mq 9.1.0.0 Ibm Mq 9.2.0 Ibm Mq 9.3.0

NA

Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.

Fortra Goanywhere Managed File Transfer

1 Metasploit module6 Github repositories2 Articles

NA

A path traversal vulnerability exists within GoAnywhere MFT prior to 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain acce...

Helpsystems Goanywhere Managed File Transfer

6.4

CVSSv2

The DOM XML parser and SAX XML parser components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Internet Server, and TIBCO Managed File Transfer Internet Server contains an easily e...

Tibco Managed File Transfer Command Center Tibco Managed File Transfer Internet Server

8.5

CVSSv2

The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution (RCE) vulnerability that allows a low p...

Tibco Managed File Transfer Platform Server

4

CVSSv2

Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' passwords. This is fixed in version 7.6 and later.

Accellion Managed File Transfer

3.7

CVSSv2

The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local malicious user to perform actions with the privileges of the user that t...

Apache Tomcat 10.0.0 Apache Tomcat 10.1.0 Apache Tomcat Oracle Managed File Transfer 12.2.1.3.0 Oracle Agile Engineering Data Management 6.2.1.0 Oracle Managed File Transfer 12.2.1.4.0 Oracle Mysql Enterprise Monitor Oracle Communications Cloud Native Core Policy 1.15.0 Oracle Financial Services Crime And Compliance Management Studio 8.0.8.2.0 Oracle Financial Services Crime And Compliance Management Studio 8.0.8.3.0 Debian Debian Linux 10.0 Debian Debian Linux 11.0

4.3

CVSSv2

Apache Log4j2 versions 2.0-alpha1 up to and including 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted strin...

74 Github repositories5 Articles

5

CVSSv2

The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the c...

Get Started

1 2 3 4 5 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook