- Description
- Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.
- Source
- df4dee71-de3a-4139-9588-11b62fe6c0ff
- NVD status
- Modified
- Products
- goanywhere_managed_file_transfer
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- Hype score
- Not currently trending
CVE-2024-0230 Bluetooth vulnerabilities in Android Linux macOS iOS and Windows https://t.co/Wqo9t3vB7Q https://t.co/OSg2KG668P WifiKey AC Gateway Pre-auth RCE https://t.co/QkxyClI0OP CVE-2024-0204 PoC For Fortra GoAnywhere MFT Authentication Bypass https://t.co/rtjzKht2D1
@Hermes_tooll
13 Mar 2026
1139 Impressions
3 Retweets
13 Likes
9 Bookmarks
0 Replies
0 Quotes
⚠️ Microsoft warns of critical GoAnywhere flaw under attack A zero-day in Fortra’s GoAnywhere MFT (CVE-2024-0204) is being actively exploited to steal data and deploy ransomware. Microsoft links the activity to Lace Tempest, known for CL0P ransomware. 👉🏻 patch imme
@ransomnews
7 Oct 2025
344 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 Hono, HTTP Request Smuggling, #CVE-2024-0204 (Critical) https://t.co/620pnM0udP
@dailycve
12 Sept 2025
121 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortra:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "383EAFF6-9DE9-4054-8C0E-B685C9509EB6",
"versionEndExcluding": "7.4.1",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortra:goanywhere_managed_file_transfer:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8BBD2B0B-3524-4138-8138-39DA5D0434F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]