The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LFortra Goanywhere Managed File Transfer
APPFortra< 7.10.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Powiązane podatności
CVE-2025-10035CRITICAL10.0⚠ KEVPL ✓ten sam produkt
Deserialization i command injection w Fortra GoAnywhere MFT (License Servlet)
CVE-2024-0204CRITICAL9.8PL ✓ten sam produkt
Pominięcie uwierzytelniania w Fortra GoAnywhere MFT — tworzenie konta admina
CVE-2023-0669HIGH7.2⚠ KEVten sam produkt
Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerabilit...
CVE-2025-1241MEDIUM5.8ten sam produkt
Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2...
CVE-2026-0971MEDIUM4.3ten sam produkt
An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configure...