Vulnerability Description
A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain access to files at a higher directory level than intended.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Helpsystems | Goanywhere Managed File Transfer | < 6.8.3 |
Related Weaknesses (CWE)
References
- https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtmlPermissions RequiredThird Party Advisory
- https://www.goanywhere.com/support/advisory/68xMitigationVendor Advisory
- https://www.goanywhere.com/support/release-notes/mft?limit=0Release NotesVendor Advisory
- https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtmlPermissions RequiredThird Party Advisory
- https://www.goanywhere.com/support/advisory/68xMitigationVendor Advisory
- https://www.goanywhere.com/support/release-notes/mft?limit=0Release NotesVendor Advisory
FAQ
What is CVE-2021-46830?
CVE-2021-46830 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who s...
How severe is CVE-2021-46830?
CVE-2021-46830 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-46830?
Check the references section above for vendor advisories and patch information. Affected products include: Helpsystems Goanywhere Managed File Transfer.