Fortra’s Alert Logic is researching an authentication bypass vulnerability in GoAnywhere MFT (CVE-2024-0204). By exploiting this vulnerability, an unauthorized user can create an admin user via the administration portal. Customers are recommended to upgrade to GoAnywhere MFT 7.4.1 or higher.
Who is affected?
Customers using any version of GoAnywhere MFT before version 7.4.1 are vulnerable to CVE-2024-0204.
What can I do?
GoAnywhere MFT resolved this vulnerability on December 4, 2023, with the release of version 7.4.1. Customers are recommended to download this new version and upgrade their software as soon as possible. For more information, refer to the security advisory.
How is Alert Logic helping me?
Alert Logic is actively researching this threat to build detection capabilities.
Alert Logic has kicked off the Emerging Threat process for this vulnerability. This article will be updated with new information about this vulnerability and related Alert Logic coverage as it becomes available. To follow updates for this vulnerability, click FOLLOW at the top of this article. You must be signed into the Support Center using your Alert Logic product credentials to follow this article.