Fortra
Products by Fortra Sorted by Most Security Vulnerabilities since 2018
Known Exploited Fortra Vulnerabilities
The following Fortra vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
Fortra Cobalt Strike User Interface Remote Code Execution Vulnerability | Fortra Cobalt Strike User Interface contains an unspecified vulnerability rooted in Java Swing that may allow remote code execution. CVE-2022-42948 | March 30, 2023 |
Fortra Cobalt Strike Teamserver Cross-Site Scripting (XSS) Vulnerability | Fortra Cobalt Strike contains a cross-site scripting (XSS) vulnerability in Teamserver that would allow an attacker to set a malformed username in the Beacon configuration, allowing them to execute code remotely. CVE-2022-39197 | March 30, 2023 |
Fortra GoAnywhere MFT Remote Code Execution Vulnerability | Fortra (formerly, HelpSystems) GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the License Response Servlet due to deserializing an attacker-controlled object. CVE-2023-0669 | February 10, 2023 |
By the Year
In 2024 there has been 1 vulnerability in Fortra, with an average score of 9.8 out of ten. Last year Fortra had 3 security vulnerabilities published. Right now, Fortra is on track to have fewer security vulnerabilities in 2024 than it did last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 2.13.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 1 | 9.80 |
2023 | 3 | 7.67 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Fortra vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Fortra Security Vulnerabilities
Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1
CVE-2024-0204
9.8 - Critical
- January 22, 2024
Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.
Forced Browsing
A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4
CVE-2023-6253
6 - Medium
- November 22, 2023
A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows a local attacker to retrieve the uninstall key and remove the software by extracting the uninstaller key from the memory of the uninstaller file.
Insecure Storage of Sensitive Information
SQL Injection vulnerability in SearchTextBox parameter in Fortra (Formerly HelpSystems) DeliverNow before version 1.2.18
CVE-2021-26837
9.8 - Critical
- September 19, 2023
SQL Injection vulnerability in SearchTextBox parameter in Fortra (Formerly HelpSystems) DeliverNow before version 1.2.18 allows attackers to execute arbitrary code, escalate privileges, and gain sensitive information.
SQL Injection
Fortra (formerly, HelpSystems) GoAnywhere MFT suffers
CVE-2023-0669
7.2 - High
- February 06, 2023
Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.
Marshaling, Unmarshaling