Fortra

Products by Fortra Sorted by Most Security Vulnerabilities since 2018

Fortra Delivernow: 1 vulnerability

Known Exploited Fortra Vulnerabilities

The following Fortra vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

| Title | Description | Added |
| --- | --- | --- |
| Fortra Cobalt Strike User Interface Remote Code Execution Vulnerability | Fortra Cobalt Strike User Interface contains an unspecified vulnerability rooted in Java Swing that may allow remote code execution. CVE-2022-42948 | March 30, 2023 |
| Fortra Cobalt Strike Teamserver Cross-Site Scripting (XSS) Vulnerability | Fortra Cobalt Strike contains a cross-site scripting (XSS) vulnerability in Teamserver that would allow an attacker to set a malformed username in the Beacon configuration, allowing them to execute code remotely. CVE-2022-39197 | March 30, 2023 |
| Fortra GoAnywhere MFT Remote Code Execution Vulnerability | Fortra (formerly, HelpSystems) GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the License Response Servlet due to deserializing an attacker-controlled object. CVE-2023-0669 | February 10, 2023 |

By the Year

In 2024 there has been 1 vulnerability in Fortra, with an average score of 9.8 out of ten. Last year Fortra had 3 security vulnerabilities published. Right now, Fortra is on track to have fewer security vulnerabilities in 2024 than it did last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 2.13.

| Year | Vulnerabilities | Average Score |
| --- | --- | --- |
| 2024 | 1 | 9.80 |
| 2023 | 3 | 7.67 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |

It may take a day or so for new Fortra vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Fortra Security Vulnerabilities

Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1

CVE-2024-0204 9.8 - Critical - January 22, 2024

Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.

forced browsing

A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4

CVE-2023-6253 6 - Medium - November 22, 2023

A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows a local attacker to retrieve the uninstall key and remove the software by extracting the uninstaller key from the memory of the uninstaller file.

Insecure Storage of Sensitive Information

SQL Injection vulnerability in SearchTextBox parameter in Fortra (Formerly HelpSystems) DeliverNow before version 1.2.18

CVE-2021-26837 9.8 - Critical - September 19, 2023

SQL Injection vulnerability in SearchTextBox parameter in Fortra (Formerly HelpSystems) DeliverNow before version 1.2.18, allows attackers to execute arbitrary code, escalate privileges, and gain sensitive information.

SQL Injection

Fortra (formerly, HelpSystems) GoAnywhere MFT suffers

CVE-2023-0669 7.2 - High - February 06, 2023

Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.

Marshaling, Unmarshaling

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).