CVE-2021-46830

A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain access to files at a higher directory level than intended.
References
Link Resource
https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml Permissions Required Third Party Advisory
https://www.goanywhere.com/support/advisory/68x Mitigation Vendor Advisory
https://www.goanywhere.com/support/release-notes/mft?limit=0 Release Notes Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:helpsystems:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:*

History

29 Sep 2022, 15:40

Type Values Removed Values Added
References (MISC) https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml - (MISC) https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml - Permissions Required, Third Party Advisory

07 Sep 2022, 05:15

Type Values Removed Values Added
References
  • (MISC) https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml -

03 Aug 2022, 14:34

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
First Time Helpsystems goanywhere Managed File Transfer
Helpsystems
CPE cpe:2.3:a:helpsystems:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:*
CWE CWE-22
References (MISC) https://www.goanywhere.com/support/release-notes/mft?limit=0 - (MISC) https://www.goanywhere.com/support/release-notes/mft?limit=0 - Release Notes, Vendor Advisory
References (MISC) https://www.goanywhere.com/support/advisory/68x - (MISC) https://www.goanywhere.com/support/advisory/68x - Mitigation, Vendor Advisory

27 Jul 2022, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-07-27 23:15

Updated : 2023-12-10 14:35


NVD link : CVE-2021-46830

Mitre link : CVE-2021-46830

CVE.ORG link : CVE-2021-46830


JSON object : View

Products Affected

helpsystems

  • goanywhere_managed_file_transfer
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')